bugzilla-daemon at netfilter.org
2016-Nov-25 14:08 UTC
[Bug 1100] New: Support 'nft flush set'
https://bugzilla.netfilter.org/show_bug.cgi?id=1100
Bug ID: 1100
Summary: Support 'nft flush set'
Product: nftables
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: phil at nwl.cc
Trying to flush a set just like one would (successfully) with a chain or table
feels natural but sadly is not supported at all:
$ sudo ./git/nftables/src/nft flush set inet filter blacklist6
BUG: invalid command object type 2
nft: rule.c:1245: do_command_flush: Assertion `0' failed.
zsh: abort sudo ./git/nftables/src/nft flush set inet filter blacklist6
Although the output reads 'BUG', this is actually not - it's merely
an
unimplemented feature.
Others seem to have gone through quite some pain in order to work around this
limitation:
https://www.spinics.net/lists/netfilter-devel/msg44240.html
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20161125/d3de49c1/attachment.html>
https://bugzilla.netfilter.org/show_bug.cgi?id=1100
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
Kernel patch:
commit 8411b6442e59810fe0750a2f321b9dcb7d0a3d17
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Mon Dec 5 23:35:50 2016 +0100
netfilter: nf_tables: support for set flushing
Userspace patch:
commit 23b760a774cf12dd18fb68a84d502662ae6eebd8
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Mon Dec 5 22:45:22 2016 +0100
src: add support to flush sets
Available since 4.10. Closing.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170127/5d227991/attachment.html>
Apparently Analagous Threads
- [Bug 1359] New: nft 0.9.1 - table family inet, chain type nat, fails to auto-load modules
- [Bug 1213] New: Nft stateless NAT (NOTRACK)
- [Bug 1424] New: v0.9.0: segfault when using nft -f <file> and issuing "ruleset flush" twice
- [Bug 1407] New: Segfault with iptables-nft-restore when flush rules included
- [Bug 1435] segfault when using iptables-nft and iptables-legacy inside a container