Forgot to say that after removing auto-merge, the rule does apply and works
as it should.

On 18/03/2024 at 17:36, List Support wrote:
Hi,
nftables v1.0.6 (Lester Gooch #5) from Debian 12. I have a set, contained
in a table mytable of type inet:

    set toban4-smtp {
        type ipv4_addr
        flags interval
        auto-merge
        elements = { 194.169.175.17-194.169.175.18 }
    }

    chain input {
        type filter hook input priority -100; policy accept;
        ip saddr @toban4-smtp tcp dport { 25, 462, 587 } drop
    }

But

    nft delete element inet mytable toban4-smtp { 194.169.175.17 }
    Error: element does not exist
    delete element inet reaction toban4-smtp { 194.169.175.17 }

whereas

    nft delete element inet mytable toban4-smtp { 194.169.175.17-194.169.175.18 }

does the job!

Also, with elements = { 194.169.175.17-194.169.175.18 }, when one of
those IPs comes back, it is allowed to enter :(

What's wrong here?
Thanks for your support
--
Daniel