[pkg-netfilter-team] Bug#931820: nftables: After adding map type ipv4_addr : counter it behaves as a set
Michal Safranek
reports at dobris.net
Wed Jul 10 20:58:03 BST 2019
Package: nftables
Version: 0.9.1-2
Severity: important
Hello,
after adding following map to nftables
# nft add map inet filter countermap { type ipv4_addr : counter\; }
the ruleset is, as expected
# nft list ruleset
table inet filter {
map countermap {
type ipv4_addr : counter
}
}
but from now, you can't work with this as a map, but you have to use a
set. For example, when you run
# nft flush map inet filter countermap
Error: No such file or directory
flush map inet filter countermap
^^^^^^^^^^
you get an error, but it works with set keyword
# nft flush set inet filter countermap
It also doesn't appear in list of maps, but it's in list of sets...
# nft list maps
table inet filter {
}
# nft list sets
table inet filter {
map countermap {
type ipv4_addr : counter
}
}
Everything about this set/map work as expected, you can use it in rules
and it works...
Thanks
Michal
-- System Information:
Debian Release: 10.0
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-5-amd64 (SMP w/1 CPU core)
Locale: LANG=cs_CZ.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8), LANGUAGE=cs_CZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages nftables depends on:
ii dpkg 1.19.7
ii libc6 2.28-10
ii libgmp10 2:6.1.2+dfsg-4
ii libjansson4 2.12-1
ii libnftables1 0.9.1-2
ii libreadline8 8.0-2
nftables recommends no packages.
nftables suggests no packages.
-- no debconf information
More information about the pkg-netfilter-team
mailing list