Re: Overlapping IP networks no longer allowed?

2018-02-15 Thread Pablo Neira Ayuso
On Wed, Feb 14, 2018 at 11:32:18PM +0100, Florian Westphal wrote:
> For named sets, the no automerge makes sense because it seems like
> we can't make any reasonable default choice when users try to delete
> a no-longer existing (i.e. merged) element.
>
> But that problem doesn't exist with

Re: Overlapping IP networks no longer allowed?

2018-02-15 Thread Mantas Mikulėnas
On Wed, Feb 14, 2018 at 8:22 PM, Pablo Neira Ayuso wrote:
> On Wed, Feb 14, 2018 at 07:02:32PM +0200, Mantas Mikulėnas wrote:
>> Hello,
>>
>> As of nftables 0.8.1, it seems I can no longer write anonymous sets
>> which contain overlapping networks (CIDR masks).
>>
>> For

Re: Overlapping IP networks no longer allowed?

2018-02-14 Thread Florian Westphal
Pablo Neira Ayuso wrote:
> On Wed, Feb 14, 2018 at 07:02:32PM +0200, Mantas Mikulėnas wrote:
> > Hello,
> >
> > As of nftables 0.8.1, it seems I can no longer write anonymous sets
> > which contain overlapping networks (CIDR masks).
> >
> > For example, I want to write the

Re: Overlapping IP networks no longer allowed?

2018-02-14 Thread Pablo Neira Ayuso
On Wed, Feb 14, 2018 at 07:02:32PM +0200, Mantas Mikulėnas wrote:
> Hello,
>
> As of nftables 0.8.1, it seems I can no longer write anonymous sets
> which contain overlapping networks (CIDR masks).
>
> For example, I want to write the following ruleset:
>
> #!/usr/bin/nft -f
> define users = {

Overlapping IP networks no longer allowed?

2018-02-14 Thread Mantas Mikulėnas
Hello,

As of nftables 0.8.1, it seems I can no longer write anonymous sets
which contain overlapping networks (CIDR masks).

For example, I want to write the following ruleset:

#!/usr/bin/nft -f
define users = { 10.0.0.0/8, 193.219.181.192/26 }
define admins = { 10.123.0.0/24, 31.220.42.129 }