IP not banned in interval set

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

nftables v1.0.6 (Lester Gooch #5) from Debian 12. I have a set which contains in a table mytable of type inet

set toban4-smtp {
    type ipv4_addr
    flags interval
    auto-merge
    elements = { 194.169.175.17-194.169.175.18 }
}

chain input {
    type filter hook input priority -100; policy accept;
    ip saddr @toban4-smtp tcp dport { 25, 462, 587 } drop
}

But

nft delete element inet mytable toban4-smtp { 194.169.175.17 }
Error: element does not exist
delete element inet reaction toban4-smtp { 194.169.175.17 }

where

nft delete element inet mytable toban4-smtp { 194.169.175.17-194.169.175.18 }

does the job !

Also, with elements = { 194.169.175.17-194.169.175.18 }, when one of those IP is coming back it is allowed to enter :(

What's wrong here ?

Thanks for your support
--
Daniel




[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux