[pkg-netfilter-team] Bug#959989: nftables: nft does not recognize imap service

[Artur Pydo]

Hi,

Le 08/05/2020 à 11:09, Arturo Borrero Gonzalez a écrit :

> I cannot reproduce this. The same rule worked here:
> ...
> I wonder if fail2ban is wrapping the call to the nft binary in a way that
> prevents it from doing the getaddrinfo() call. This seems unlikely anyway.

No, this is not specific to fail2ban.

I reproduce this problem the exact same way in shell :

# nft insert rule inet filter input tcp dport \{
smtp,465,submission,imap,imaps,pop3,pop3s \} ip saddr @f2b-pos
                                    tfix-sasl reject
Error: Could not resolve service: Servname not found in nft services list
insert rule inet filter input tcp dport {
smtp,465,submission,imap,imaps,pop3,pop3s } ip saddr @f2b-postfix-sasl
reject
                                                              ^^^^

I also tried 'sudo nft...' with the same error.

I am able to reproduce it on two different servers. One upgraded from
older Debian versions and the second one is a clean install on a cloud
instance.

How can I help ?

-- 
Best regards,
Artur