
List:       netfilter
Subject:    Re: nftables: Internal error when checking rules
From:       Serg <seentr () at ! encryp ! ch>
Date:       2023-03-27 15:33:22
Message-ID: fba11b8b-2c0c-5b2d-f9f5-1f327d931c31 () at ! encryp ! ch

On 3/27/23 18:05, Pablo Neira Ayuso wrote:
> It is a userspace bug in error reporting, patch is here:
> 
> https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230327145045.33797-1-pablo@netfilter.org/
> 
> I recommend you split that superlong line
> 
> Now it shows this:
> 
> # nft -f ruleset.nft
> ruleset.nft:402:1-16: Error: Could not process rule: File exists
> 8.9.10.11/30,
> ^^^^^^^^^^^^^
> 
> instead of the internal location.
> 

Thanks for pointing this out. Now I have figured out that the behaviour
of nftables is different from my expectation due to the absence of the line
"flush ruleset" at the beginning of the main ruleset file, thus reload
caused addition of entries rather than atomic replacement with the newest config.
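The behaviour Serg describes, as an added example that is not part of the thread: a ruleset file whose first statement is `flush ruleset`, so that every `nft -f` load replaces the live configuration in one atomic transaction instead of appending to it. Table, set and chain names and the prefixes are constructed for this example.

```nft
#!/usr/sbin/nft -f
# Added example, not from the thread. Without the "flush ruleset" line below,
# a second "nft -f ruleset.nft" appends to the running ruleset instead of
# replacing it: re-adding an element that is already in the set then fails
# with "Error: Could not process rule: File exists" and nothing is applied.
# With it, flush and reload happen in the same transaction, so a reload is
# atomic and never leaves the host half-configured.
flush ruleset

table inet filter {
    set blocked {
        type ipv4_addr
        flags interval
        # constructed sample prefixes (RFC 5737 documentation ranges),
        # one element per line as recommended upthread
        elements = {
            198.51.100.0/24,
            203.0.113.8/30,
        }
    }

    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        iif lo accept
        ip saddr @blocked drop
        tcp dport 22 accept
    }
}
```

Run `nft -c -f ruleset.nft` first: the `-c` (check) option parses and validates the file without committing it, so a syntax error is reported before the live ruleset is touched.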