Package: nftables Version: 0.9.0-1 Severity: normal Hi, I make use of a "named set" for blacklisting purposes. The relevant part in /etc/nftables.conf:
table ip filter { set blacklist { type ipv4_addr flags interval include "/etc/ipset-blacklist/ip-blacklist.nft" } } The file /etc/ipset-blacklist/ip-blacklist.nft is generated from several sources, its contents are not perfectly organized. I was running Stretch, and it worked great. I just upgraded to Buster, and now nftables.service fails to start with this message: Error: conflicting intervals specified Ok, apparently the file contains those. After some Googling, I tried to add "auto-merge" to the blacklist options, and now it works again. I thought maybe this change should be documented somewhere for other upgraders, or handled automatically. Perhaps I file this bug to the wrong package (maybe it's kernel or release notes?), but now at least it is known. Thanks! -- System Information: Debian Release: 9.6 APT prefers stable APT policy: (700, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-8-amd64 (SMP w/2 CPU cores) Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8), LANGUAGE=nl_NL.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages nftables depends on: ii dpkg 1.18.25 ii init-system-helpers 1.48 ii libc6 2.24-11+deb9u3 ii libgmp10 2:6.1.2+dfsg-1 ii libmnl0 1.0.4-2 pn libnftables0 <none> pn libnftnl4 <none> ii libreadline7 7.0-3 ii libxtables12 1.6.0+snapshot20161117-6 nftables recommends no packages. nftables suggests no packages.