sudo nft --version
nftables v1.0.9 (Old Doc Yak #3)
Recently my nftables debian service started to ends with error:
--8<---------------cut here---------------start------------->8---
Nov 22 19:18:56 alfa systemd[1]: Starting nftables.service - nftables...
Nov 22 19:18:57 alfa nft[2242551]: nft: datatype.c:1264: datatype_free: Assertion `dtype->refcnt != 0' failed.
Nov 22 19:18:57 alfa systemd[1]: nftables.service: Failed with result 'signal'.
Nov 22 19:18:57 alfa systemd[1]: Failed to start nftables.service - nftables.
--8<---------------cut here---------------end--------------->8---
After some investigating I found that nft does not like definition;
--8<---------------cut here---------------start------------->8---
table ip filter {
...
map ipsec_in {
typeof ipsec in reqid . iif : verdict
flags interval
}
...
chain INPUT {
type filter hook input priority 0; policy drop
...
ipsec in reqid . iif vmap @ipsec_in
...
}
...
}
--8<---------------cut here---------------end--------------->8---
rules seems to be loaded entirely and works.
When I downgraded nftables from 1.0.9-1+b1 to 1.0.8-1 service starts
without problems.
KJ
