[pkg-netfilter-team] Bug#914439: nftables: Unexpected behavior with 'Sets'

Arturo Borrero Gonzalez arturo.borrero.glez at gmail.com
Fri Nov 23 13:41:31 GMT 2018


Control: tag -1 moreinfo

On 11/23/18 2:28 PM, Aiko Barz wrote:
> 
> I have written a nftables script, which extensively uses Sets¹.
> 
> Unexpected: It does block an IPv6-network, which is part of the set. The network has been loaded into the "named set". I checked it with:
> $ sudo nft list ruleset
> 
> So, I cannot connect to the host by doing "ssh -6" for example. The DENY is visible in dmesg.
> 

This is very likely a ruleset configuration issue and those aren't bugs.
Please re-check your rules.

I can't help if you don't provide concrete details on what is failing.
If you detect a regression in nftables (something was working in a
previous version and is no longer working with a newer version) please
report which exact versions are involved and which exact
rules/command/rulesets are failing, along with the Linux kernel version.

Closing bug now, feel free to reopen if required :-)


