On Mon, 18 Mar 2024, at 4:36 PM, List Support wrote:
> Hi,
>
> nftables v1.0.6 (Lester Gooch #5) from Debian 12. I have a set which
> contains in a table mytable of type inet
>
> set toban4-smtp {
>     type ipv4_addr
>     flags interval
>     auto-merge
>     elements = { 194.169.175.17-194.169.175.18 }
> }
>
> chain input {
>     type filter hook input priority -100; policy accept;
>     ip saddr @toban4-smtp tcp dport { 25, 462, 587 } drop
> }
>
> But
>
> nft delete element inet mytable toban4-smtp { 194.169.175.17 }
> Error: element does not exist
> delete element inet reaction toban4-smtp { 194.169.175.17 }
>

You would need at least nftables 1.0.7 for this to work.

https://marc.info/?l=netfilter&m=167873533514569&w=2

> where
>
> nft delete element inet mytable toban4-smtp {
> 194.169.175.17-194.169.175.18 }
>
> does the job !
>
> Also, with elements = { 194.169.175.17-194.169.175.18 }, when one of
> those IP is coming back it is allowed to enter :(
>
> What's wrong here ?

This isn't particularly clear. Can you share the complete ruleset and explain the test case?

-- 
Kerin Millar
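Added example, not part of the thread: on nft older than 1.0.7, one way to unban a single address is to delete the whole stored interval (the form the poster found to work) and re-add what remains, in one `nft -f` batch so the set is never left without the remaining addresses. The function names are hypothetical, and the start and end passed in are assumed to be the interval exactly as `nft list set` shows it.

```python
import ipaddress


def split_interval(start, end, remove):
    """Return the (lo, hi) ranges left after removing one address."""
    lo, hi, ip = (ipaddress.IPv4Address(a) for a in (start, end, remove))
    if not lo <= ip <= hi:
        raise ValueError(f"{ip} is not inside {lo}-{hi}")
    rest = []
    if ip > lo:                      # part below the removed address
        rest.append((lo, ip - 1))
    if ip < hi:                      # part above the removed address
        rest.append((ip + 1, hi))
    return rest


def fmt(lo, hi):
    """nft element syntax: a single address or a lo-hi range."""
    return str(lo) if lo == hi else f"{lo}-{hi}"


def nft_batch(family, table, set_name, start, end, remove):
    """Build the text of an nft batch file (applied atomically by nft -f).

    start/end must match the interval as the kernel stores it; with
    auto-merge that can differ from what was originally added.
    """
    rest = split_interval(start, end, remove)
    whole = fmt(ipaddress.IPv4Address(start), ipaddress.IPv4Address(end))
    target = f"{family} {table} {set_name}"
    lines = [f"delete element {target} {{ {whole} }}"]
    if rest:
        kept = ", ".join(fmt(a, b) for a, b in rest)
        lines.append(f"add element {target} {{ {kept} }}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Values taken from the set in the original post.
    print(nft_batch("inet", "mytable", "toban4-smtp",
                    "194.169.175.17", "194.169.175.18", "194.169.175.17"),
          end="")
```

Pipe the output to `nft -f -` to apply it as a single transaction.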