On Wed, Nov 22, 2023 at 10:04:04PM +0100, Pablo Neira Ayuso wrote:
> On Wed, Nov 22, 2023 at 07:35:59PM +0100, Kamil Jońca wrote:
[...]
> > --8<---------------cut here---------------start------------->8---
> > table ip filter {
> > ...
> >         map ipsec_in {
> >                 typeof ipsec in reqid . iif : verdict
> >                 flags interval
> >         }
> > ...
> >
> >         chain INPUT {
> >                 type filter hook input priority 0; policy drop
> > ...
> >                 ipsec in reqid . iif vmap @ipsec_in
> > ...
> >         }
> > ...
> > }
> > --8<---------------cut here---------------end--------------->8---
> >
> > rules seem to be loaded entirely and work.
>
> Thanks for this reproducer. Proposed fix:
>
> https://patchwork.ozlabs.org/project/netfilter-devel/patch/20231122210106.183932-1-pablo@xxxxxxxxxxxxx/

For the record:

https://git.netfilter.org/nftables/commit/?id=faa6908fad6053ae9549c45b88d0402cc69cf1ed