Package: nftables
Version: 0.8.1-1
Severity: normal

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

* Converting working iptables rules to nft rules.
* Original iptables rule
** -A INPUT -s 10.0.0.0/8 -d 10.0.0.0/8 -i eth0 -p udp -m udp --dport 25 -j ACCEPT
** -A INPUT -s 10.0.0.0/8 -d 10.0.0.0/8 -i eth0 -p udp -m udp --dport 80 -j ACCEPT
* translated to nftables
** nft add map mapper incoming {type ipv4_addr . ipv4_addr . inet_service : verdict \;}
** nft add rule mapper input ip saddr . ip daddr . tcp dport vmap @incoming
** nft add element mapper incoming { 10.0.0.0/8 . 10.0.0.0/8 . 25 : accept }
* Error
** <cmdline>:1:42-42: Error: syntax error, unexpected ., expecting comma or '}'
* This works although it's not valid - note CIDR notation is removed.
** add element mapper incoming { 10.0.0.0 . 10.0.0.0 . 10050 : accept }
* There is an expectation CIDR notation will work with the ipv4_addr type when it works with saddr and daddr.

-- System Information:
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.3 LTS
Release:        16.04
Codename:       xenial
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.4.0-87-generic (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US: (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages nftables depends on:
ii  dpkg          1.18.4ubuntu1.3
ii  libc6         2.23-0ubuntu9
ii  libgmp10      2:6.1.0+dfsg-2
ii  libmnl0       1.0.3-5
ii  libnftnl7     1.0.9-2
ii  libreadline7  7.0-3
ii  libxtables12  1.6.1-2+b1

nftables recommends no packages.

nftables suggests no packages.

-- no debconf information
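
Added example, not part of the original report and not nftables code: a small Python model of a concatenated-key lookup. It shows that the element accepted without CIDR notation matches only the single address 10.0.0.0 in each field, not the 10.0.0.0/8 range the iptables rules covered. The function names, the /8 element with port 10050 and the sample packets are constructed for illustration.

```python
import ipaddress

# Element from the report that nft accepted (CIDR notation removed).
WORKAROUND = "10.0.0.0 . 10.0.0.0 . 10050 : accept"
# Constructed: the same element written with the /8 prefixes the reporter intended.
INTENDED = "10.0.0.0/8 . 10.0.0.0/8 . 10050 : accept"


def parse_element(text):
    """Parse 'saddr . daddr . port : verdict' into (src_net, dst_net, port, verdict)."""
    key, verdict = (part.strip() for part in text.split(":"))
    src, dst, port = (field.strip() for field in key.split(" . "))
    # A bare address becomes a /32 network, i.e. an exact match on one host.
    return (ipaddress.ip_network(src), ipaddress.ip_network(dst), int(port), verdict)


def lookup(elements, saddr, daddr, dport):
    """Return the verdict of the first element whose every field matches, else None."""
    s, d = ipaddress.ip_address(saddr), ipaddress.ip_address(daddr)
    for src_net, dst_net, port, verdict in elements:
        if s in src_net and d in dst_net and dport == port:
            return verdict
    return None  # no element matched: the vmap rule yields no verdict


def compare(saddr, daddr, dport):
    """Return (verdict with /8 element, verdict with bare-address element)."""
    return (
        lookup([parse_element(INTENDED)], saddr, daddr, dport),
        lookup([parse_element(WORKAROUND)], saddr, daddr, dport),
    )


if __name__ == "__main__":
    # Constructed sample packets: (source, destination, destination port).
    for pkt in [("10.1.2.3", "10.4.5.6", 10050),
                ("10.0.0.0", "10.0.0.0", 10050),
                ("192.168.1.1", "10.4.5.6", 10050)]:
        print(pkt, compare(*pkt))
```
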