[Bug 1711] Named sets - Use flags interval and dynamic
bugzilla-daemon at netfilter.org
Thu Oct 5 19:41:30 CEST 2023
https://bugzilla.netfilter.org/show_bug.cgi?id=1711
--- Comment #3 from nicolasfort1988 at gmail.com ---
No, interval seems not to be enough to be able to update a set using firewall rules.
For example:
vyos at vyos:~$ sudo nft list table ip filter
table ip filter {
    set FOO-1 {
        type ipv4_addr
        flags interval
    }
    set FOO-2 {
        type ipv4_addr
        size 65535
        flags dynamic
    }
    chain FOO {
        update @FOO-2 { ip saddr }
    }
}
vyos at vyos:~$ sudo nft add rule ip filter FOO set update ip daddr @FOO-2
vyos at vyos:~$ sudo nft add rule ip filter FOO set update ip daddr @FOO-1
Error: Could not process rule: Operation not supported
add rule ip filter FOO set update ip daddr @FOO-1
^^^^^^^^^^^^^^^^^^^^^^^^^^
vyos at vyos:~$
As you can see, updating set FOO-1 through firewall rules is not possible
(it doesn't have the dynamic flag), while updating set FOO-2 is allowed.
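A pre-load check for the failure shown in the comment above, as an added example that is not part of the bug report or of nftables: it scans a ruleset and reports rules that modify a set from a rule while the set lacks the dynamic flag. The function name `undynamic_updates` and the sample ruleset are hypothetical; it assumes a single table and the behaviour reported in the comment.

```python
import re

# Constructed sample ruleset, modelled on the listing in the comment, with the
# rejected "set update ... @FOO-1" rule written into the chain.
SAMPLE = """\
table ip filter {
    set FOO-1 {
        type ipv4_addr
        flags interval
    }
    set FOO-2 {
        type ipv4_addr
        size 65535
        flags dynamic
    }
    chain FOO {
        update @FOO-2 { ip saddr }
        set update ip daddr @FOO-1
    }
}
"""

SET_RE = re.compile(r"^\s*set\s+(\S+)\s*\{")
FLAGS_RE = re.compile(r"^\s*flags\s+(.+)$")
# Statements that modify a set from a rule, in both spellings seen on the page:
# "update @S { ... }" and "set update <expr> @S".
STMT_RE = re.compile(r"\b(?:add|update|delete)\s+@([\w.-]+)"
                     r"|\bset\s+(?:add|update|delete)\s+.*?@([\w.-]+)")

def undynamic_updates(ruleset):
    """Return (set_name, rule) pairs where a rule modifies a set lacking 'dynamic'."""
    flags, rules, current = {}, [], None
    for line in ruleset.splitlines():
        m = SET_RE.match(line)
        if m:                              # entering a "set NAME {" block
            current = m.group(1)
            flags[current] = set()
            continue
        if current is not None:            # inside a set definition
            if line.strip() == "}":
                current = None
            elif (f := FLAGS_RE.match(line)):
                flags[current] = {x.strip() for x in f.group(1).split(",")}
            continue
        for m in STMT_RE.finditer(line):   # rule lines inside chains
            rules.append((m.group(1) or m.group(2), line.strip()))
    # Checked after the full pass so sets declared after a chain are still seen.
    return [(n, r) for n, r in rules if n in flags and "dynamic" not in flags[n]]
```
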