Package: nftables
Version: 0.8-1
Followup-For: Bug #880145

I experienced a variation of the reported issue. Previously, this rule was working as intended:

---
tcp dport { http, https } accept

After the upgrade to the newer kernel and nftables versions, I was able to connect over 443 still, but 80 was now blocking traffic (last rule being "counter log reject"). Changing to this resolves the issue for now:

---
tcp dport http accept
tcp dport https accept

I'm guessing there might be some slight variation in behavior based on the initial bug report of more than two elements in an anonymous set versus having exactly two. Either way, things broke, which is always an unwelcome change.

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (650, 'testing'), (600, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages nftables depends on:
ii  dpkg          1.18.24
ii  libc6         2.24-17
ii  libgmp10      2:6.1.2+dfsg-1.1
ii  libmnl0       1.0.4-2
ii  libnftnl7     1.0.8-1
ii  libreadline7  7.0-3
ii  libxtables12  1.6.1-2+b1

nftables recommends no packages.

nftables suggests no packages.

-- Configuration Files:
/etc/nftables.conf changed [not included]

-- no debconf information