Control: tag -1 moreinfo On 11/23/18 2:28 PM, Aiko Barz wrote: > > I have written a nftables script, which extensively uses SetsĀ¹. > > Unexpected: It does block an IPv6-network, which is part of the set. The > network has been loaded into the "named set". I checked it with: > $ sudo nft list ruleset > > So, I cannot connect to the host by doing "ssh -6" for example. The DENY is > visible in dmesg. >
This is very likely a ruleset configuration issue and those aren't bugs. Please re-check your rules. I can't help if you don't provide concrete details on what is failing. If you detect a regression on nftables (something was working in a previous version and no longer working with a newer version) please report which exact versions are involved and which exact rules/command/rulesets are failing, along with linux kernel version. Closing bug now, feel free to reopen if required :-)
