[Bug 1431] New: flush set doesn't work as expected in script
bugzilla-daemon at netfilter.org
Wed May 27 14:55:52 CEST 2020
https://bugzilla.netfilter.org/show_bug.cgi?id=1431
Bug ID: 1431
Summary: flush set doesn't work as expected in script
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: minor
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: jimmyz.z at gmail.com
# nft list ruleset
table ip potato {
        set potato {
                type ipv4_addr
                flags interval
                elements = { 0.0.0.0-255.255.255.255 }
        }
}

# cat b.nft
flush set ip potato potato;
add element ip potato potato {
        10.0.0.0/8
}

# nft -f b.nft
b.nft:3:9-18: Error: interval overlaps with an existing one
        10.0.0.0/8
        ^^^^^^^^^^
b.nft:2:1-2: Error: Could not process rule: Success
add element ip potato potato {
^^

# nft flush set ip potato potato
# nft -f b.nft
# nft list ruleset
table ip potato {
        set potato {
                type ipv4_addr
                flags interval
                elements = { 10.0.0.0/8 }
        }
}

I think the example will do a better job explaining than my English.
This was tested on Debian Buster with kernel 4.19 and nft 0.9.0, and Arch with
kernel 5.4 and nft 0.9.4.
An alternative approach to delete set - add set instead of flush set - add
elements will work, so this is not a usability issue, but I think a bug is a
bug.
Thank you for your time.