On Mon, 18 Mar 2024, at 4:36 PM, List Support wrote:
> Hi,
>
> nftables v1.0.6 (Lester Gooch #5) from Debian 12. I have a set which
> contains in a table mytable of type inet
>
> set toban4-smtp {
> type ipv4_addr
> flags interval
> auto-merge
> elements = { 194.169.175.17-194.169.175.18 }
> }
>
> chain input {
> type filter hook input priority -100; policy accept;
> ip saddr @toban4-smtp tcp dport { 25, 462, 587 } drop
> }
>
> But
>
> nft delete element inet mytable toban4-smtp { 194.169.175.17 }
> Error: element does not exist
> delete element inet reaction toban4-smtp { 194.169.175.17 }
>
You would need at least nftables 1.0.7 for this to work.
https://marc.info/?l=netfilter&m=167873533514569&w=2
> where
>
> nft delete element inet mytable toban4-smtp {
> 194.169.175.17-194.169.175.18 }
>
> does the job !
>
> Also, with elements = { 194.169.175.17-194.169.175.18 }, when one of
> those IP is coming back it is allowed to enter :(
>
> What's wrong here ?
This isn't particularly clear. Can you share the complete ruleset and explain the test case?
--
Kerin Millar
