[Bug 1153] New: Sets with timeouts can be saved to a file but not reloaded

bugzilla-daemon at netfilter.org
Wed May 31 03:05:38 CEST 2017


https://bugzilla.netfilter.org/show_bug.cgi?id=1153

            Bug ID: 1153
           Summary: Sets with timeouts can be saved to a file but not
                    reloaded
           Product: nftables
           Version: unspecified
          Hardware: All
                OS: Debian GNU/Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: bugzilla at piven.net

I have a set defined as

    set ssh_attack_hosts {
        type ipv4_addr
        flags timeout
    }

and have an external program write entries into this set using something like

    nft add element firewall ssh_attack_hosts { 10.10.10.10 timeout 1d }

This works fine and if I "nft list set firewall ssh_attack_hosts >saved.set.file",
I get a file containing something like

table ip firewall {
    set ssh_attack_hosts {
        type ipv4_addr
        flags timeout
        elements = { 10.10.10.10 timeout 1d expires 23h54m29s}
    }
}

However, if I try to read that set back into nftables (nft -f saved.set.file),
nft complains about the existence of the "expires" information:

saved.set.file:5:56-62: Error: syntax error, unexpected string, expecting comma or '}'
        elements = { 10.10.10.10 timeout 1d expires 23h54m29s}
                                                    ^^^^^^^

(The ^^^ is under "expires" if the wrapping pixies are misbehaving.)

My expectation is that the expiration time should be read and saved in the
set... is this a reasonable expectation?

(This is with nft 0.7.)

Thanks! -- Don
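
A workaround for the reload failure reported above, as an added example that is not part of the original report or of nftables: a shell filter that rewrites the saved set so the "expires" token is gone before "nft -f" sees it, either carrying the remaining lifetime into "timeout" or dropping it. The function names, the second sample address and the handling of a bare "expires" are assumptions.

```shell
#!/bin/sh
# Added example, not from the bug report or the nftables project.
# Rewrites `nft list set` output so a parser that rejects "expires"
# (as nft 0.7 does in the report) can load the file again.

# rewrite_expires MODE   (reads the saved set on stdin, writes to stdout)
#   remaining : timeout becomes the time that was left when the set was saved
#   original  : "expires" is dropped, so the full timeout restarts on reload
rewrite_expires() {
    case "$1" in
    remaining)
        # First rule: "timeout X expires Y" -> "timeout Y".
        # Second rule (assumption): a bare "expires Y" -> "timeout Y".
        sed -E \
            -e 's/timeout[[:space:]]+[0-9a-z]+[[:space:]]+expires[[:space:]]+([0-9a-z]+)/timeout \1/g' \
            -e 's/([[:space:]])expires[[:space:]]+([0-9a-z]+)/\1timeout \2/g'
        ;;
    original)
        sed -E 's/[[:space:]]+expires[[:space:]]+[0-9a-z]+//g'
        ;;
    *)
        echo "usage: rewrite_expires remaining|original" >&2
        return 2
        ;;
    esac
}

# Constructed sample in the format shown in the report (second element added).
sample_set() {
    cat <<'EOF'
table ip firewall {
    set ssh_attack_hosts {
        type ipv4_addr
        flags timeout
        elements = { 10.10.10.10 timeout 1d expires 23h54m29s,
                     10.10.10.11 timeout 1d expires 2h5m}
    }
}
EOF
}

# Intended use on a real system:
#   nft list set firewall ssh_attack_hosts | rewrite_expires remaining >saved.set.file
#   nft -f saved.set.file
sample_set | rewrite_expires remaining
```

With "remaining", a blocked address is not held longer than its original deadline after a reload; with "original", every entry gets a fresh full timeout.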
