Package: nftables
Version: 0.9.0-1
Severity: normal

Hi,
I make use of a "named set" for blacklisting purposes.
The relevant part in /etc/nftables.conf:

table ip filter {
        set blacklist {
                type ipv4_addr
                flags interval
                include "/etc/ipset-blacklist/ip-blacklist.nft"
        }
}

The file /etc/ipset-blacklist/ip-blacklist.nft is generated from several
sources; its contents are not perfectly organized.

I was running Stretch, and it worked great. I just upgraded to Buster, and now
nftables.service fails to start with this message:

Error: conflicting intervals specified

Ok, apparently the file contains those.
After some Googling, I tried to add "auto-merge" to the blacklist options, and
now it works again.

I thought maybe this change should be documented somewhere for other upgraders,
or handled automatically.
Perhaps I filed this bug against the wrong package (maybe it's the kernel or the
release notes?), but now at least it is known.

Thanks!
-- System Information:
Debian Release: 9.6
  APT prefers stable
  APT policy: (700, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-8-amd64 (SMP w/2 CPU cores)
Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8), 
LANGUAGE=nl_NL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages nftables depends on:
ii  dpkg                 1.18.25
ii  init-system-helpers  1.48
ii  libc6                2.24-11+deb9u3
ii  libgmp10             2:6.1.2+dfsg-1
ii  libmnl0              1.0.4-2
pn  libnftables0         <none>
pn  libnftnl4            <none>
ii  libreadline7         7.0-3
ii  libxtables12         1.6.0+snapshot20161117-6

nftables recommends no packages.

nftables suggests no packages.
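The "conflicting intervals specified" error above is raised when an interval set contains members that overlap each other. Instead of relying on "auto-merge", an operator can also check the generated file before loading it and collapse overlapping or adjacent entries offline. The following script is an added example and is not part of the bug report or of the nftables project; it assumes the included file has the form `elements = { ... }` with members written as single addresses, CIDR prefixes or `a-b` ranges, and the sample list is constructed for this example.

```python
"""Check an nftables interval-set file for overlapping members and pre-merge it.

Assumption (not from the bug report): the included file looks like
    elements = { 10.0.0.0/24, 192.0.2.7, 198.51.100.0-198.51.100.255 }
"""
import ipaddress
import re
from itertools import combinations

# Constructed sample input: one overlapping pair and one adjacent pair.
SAMPLE = """elements = {
    10.0.0.0/24,                 # overlaps the /25 below -> conflict
    10.0.0.128/25,
    192.0.2.7,
    198.51.100.0-198.51.100.255, # a-b range
    198.51.101.0/24,             # adjacent to the range above, not a conflict
}
"""


def parse_elements(text):
    """Return the set members as IPv4Network objects (a-b ranges become prefixes)."""
    m = re.search(r"elements\s*=\s*\{(.*)\}", text, re.S)
    body = m.group(1) if m else text
    body = re.sub(r"#.*", "", body)          # drop trailing comments
    nets = []
    for token in re.split(r"[\s,]+", body):
        if not token:
            continue
        if "-" in token:
            lo, hi = token.split("-", 1)
            nets.extend(ipaddress.summarize_address_range(
                ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi)))
        else:
            nets.append(ipaddress.IPv4Network(token, strict=False))
    return nets


def find_conflicts(nets):
    """Pairs of members that overlap; these are what nft rejects without auto-merge."""
    return [(a, b) for a, b in combinations(nets, 2) if a.overlaps(b)]


def merge_elements(nets):
    """Collapse overlapping and adjacent prefixes into a minimal disjoint list."""
    return list(ipaddress.collapse_addresses(nets))


def render_elements(nets):
    """Render the merged list back into nft set-element syntax."""
    items = [str(n.network_address) if n.prefixlen == 32 else str(n) for n in nets]
    return "elements = { " + ", ".join(items) + " }"


if __name__ == "__main__":
    members = parse_elements(SAMPLE)
    for a, b in find_conflicts(members):
        print(f"conflict: {a} overlaps {b}")
    print(render_elements(merge_elements(members)))
```

Running the script on the sample reports the 10.0.0.0/24 and 10.0.0.128/25 overlap and prints a merged element list that loads without the error, because `ipaddress.collapse_addresses` removes overlaps and joins adjacent siblings into their supernet.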
