[Bug 1153] New: Sets with timeouts can be saved to a file but not reloaded
bugzilla-daemon at netfilter.org
Wed May 31 03:05:38 CEST 2017
https://bugzilla.netfilter.org/show_bug.cgi?id=1153
Bug ID: 1153
Summary: Sets with timeouts can be saved to a file but not reloaded
Product: nftables
Version: unspecified
Hardware: All
OS: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: bugzilla at piven.net
I have a set defined as
    set ssh_attack_hosts {
        type ipv4_addr
        flags timeout
    }
and have an external program write entries into this set using something like
    nft add element firewall ssh_attack_hosts { 10.10.10.10 timeout 1d }
This works fine and if I "nft list set firewall ssh_attack_hosts
>saved.set.file", I get a file containing something like
    table ip firewall {
        set ssh_attack_hosts {
            type ipv4_addr
            flags timeout
            elements = { 10.10.10.10 timeout 1d expires 23h54m29s}
        }
    }
However, if I try to read that set back into nftables (nft -f saved.set.file),
nft complains about the existence of the "expires" information:
    saved.set.file:5:56-62: Error: syntax error, unexpected string, expecting comma or '}'
    elements = { 10.10.10.10 timeout 1d expires 23h54m29s}
                                        ^^^^^^^
(The ^^^ is under "expires" if the wrapping pixies are misbehaving.)
My expectation is that the expiration time should be read and saved in the
set... is this a reasonable expectation?
(This is with nft 0.7.)
Thanks! -- Don
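
A possible workaround for the reload failure reported above, as an added example that is not part of the original report or of nftables: filter the listing before saving it so the "expires" keyword never reaches the parser. The function names are hypothetical, the sample listing is constructed, and the first filter assumes nft accepts the compound duration it prints (such as 23h54m29s) as a timeout value.

```shell
#!/bin/sh
# Added example, not from the bug report. Filters `nft list set` output so
# that a parser which rejects the "expires" keyword can reload the file.
# Typical use (command taken from the report, filter name hypothetical):
#   nft list set firewall ssh_attack_hosts | remaining_as_timeout > saved.set.file

# remaining_as_timeout: replace each "timeout <T> expires <E>" with
# "timeout <E>", so a reloaded element ages out when the original would have
# instead of receiving a fresh full-length timeout.
remaining_as_timeout() {
    sed -E 's/timeout[[:space:]]+[0-9a-z]+[[:space:]]+expires[[:space:]]+([0-9a-z]+)/timeout \1/g'
}

# drop_expires: keep the original timeout and discard the remaining time.
# Every reloaded element then restarts its full timeout, which for a block
# list means hosts stay blocked longer than originally intended.
drop_expires() {
    sed -E 's/[[:space:]]+expires[[:space:]]+[0-9a-z]+//g'
}

# has_expires: succeed if the listing on stdin still contains the keyword.
has_expires() {
    grep -q 'expires'
}

# Constructed sample in the shape shown in the report (second element added
# to exercise the comma-separated case).
sample_listing() {
    cat <<'EOF'
table ip firewall {
    set ssh_attack_hosts {
        type ipv4_addr
        flags timeout
        elements = { 10.10.10.10 timeout 1d expires 23h54m29s,
                     10.10.10.11 timeout 1d expires 2h3m}
    }
}
EOF
}
```

Which filter to use depends on whether a restart should preserve the remaining block time or restart it.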