<html>
    <head>
      <base href="https://bugzilla.netfilter.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - flush set doesn't work as expected in script"
   href="https://bugzilla.netfilter.org/show_bug.cgi?id=1431">1431</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>flush set doesn't work as expected in script
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>nftables
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>unspecified
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>x86_64
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Debian GNU/Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>minor
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P5
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>nft
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>pablo@netfilter.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>jimmyz.z@gmail.com
          </td>
        </tr></table>
      <p>
        <div>
        <pre># nft list ruleset
table ip potato {
        set potato {
                type ipv4_addr
                flags interval
                elements = { 0.0.0.0-255.255.255.255 }
        }
}

# cat b.nft
flush set ip potato potato;
add element ip potato potato {
        10.0.0.0/8
}

# nft -f b.nft
b.nft:3:9-18: Error: interval overlaps with an existing one
        10.0.0.0/8
               ^^^^^^^^^^
b.nft:2:1-2: Error: Could not process rule: Success
add element ip potato potato {
^^

# nft flush set ip potato potato
# nft -f b.nft
# nft list ruleset
table ip potato {
        set potato {
                type ipv4_addr
                flags interval
                elements = { 10.0.0.0/8 }
        }
}

I think the example will do a better job explaining than my English.
This was tested on Debian Buster with kernel 4.19 and nft 0.9.0, and Arch with
kernel 5.4 and nft 0.9.4.

An alternative approach, "delete set - add set" instead of "flush set - add
elements", will work, so this is not a usability issue, but I think a bug is a
bug.

Thank you for your time.</pre>
        </div>
      </p>
    </body>
</html>