[pkg-netfilter-team] Bug#1001360: Bug#1001360: nftables: nft returns "BUG: unsupported familynft: evaluate.c:2766..."
Bruce Link
bruce at 1045.ca
Fri Dec 10 23:52:02 GMT 2021
On 2021-12-09 03:13, Jeremy Sowden wrote:
> On 2021-12-08, at 21:01:48 -0600, Bruce Link wrote:
>> Package: nftables
>> Version: 1.0.1-1
>> Severity: normal
>> Tags: upstream
>>
>> Dear Maintainer,
>>
>> * What led up to the situation?
>> Running nft -f with the following configuration appears to trigger the bug. I've removed what I think are the non-relevant parts.
>>
>> table inet filter {
>> set netflix-ips {
>> type ipv4_addr;
>> flags interval;
>> elements = {
>> 52.0.131.132,
>> 23.221.228.214,
>> 8.207.84.236,
>> 54.204.25.0-54.204.25.16,
>> 3.23.189.144-3.23.189.160,
>> 34.195.253.0-34.195.253.128,
>> }
>> }
>>
>> chain kill-kids-netflix {
>> ether saddr ba:db:ee:ff:5e:39 ip daddr @netflix-ips reject;
>> }
>>
>> * What exactly did you do (or not do) that was effective (or
>> ineffective)?
>> Not applicable.
>>
>> * What was the outcome of this action?
>> nft returns the following:
>>
>> ~$ sudo nft -f /etc/nftables.conf
>> BUG: unsupported familynft: evaluate.c:2766: stmt_evaluate_reject_inet_family: Assertion `0' failed.
>> Aborted
>>
>> * What outcome did you expect instead?
>> nft to load the rules properly or complain about my often poor syntax.
> The error reporting is unhelpful. :)
>
> nft will only infer how to do the reject for the `ip` and `ip6`
> families, but you are using the `inet` one. If you look for "REJECT
> STATEMENT" in the nft man-page you will see it talks about using
> 'icmpx' codes for the 'inet' family. Change it to:
>
> ether saddr ba:db:ee:ff:5e:39 ip daddr @netflix-ips reject with icmpx port-unreachable;
>
> and it will work correctly.
>
> nft could be a bit cleverer (or at least more informative) about this,
> so I will speak to the Netfilter development team.
>
> J.
Jeremy,
Thank you for the clarification. I hope my feedback provides some value.
Bruce
More information about the pkg-netfilter-team
mailing list