Rosysong <rosys...@rosinson.com> wrote:
> I met a strange issue on nftables when I ran my commands on Linux (mips
> target, linux-4.9.102).
> Using specific ip address can not restrict the traffic flow while using
> broadcast address is ok (The ip for my machine is 192.168.2.223). Anybody
> can tell me why ??

Looks like an endianness problem, however:

# nft list ruleset
table ip filter {
        chain input {
                type filter hook input priority 0; policy accept;
                ip daddr 10.16.64.0/21 counter packets 139 bytes 11144
        }
}

That's 4.9.103, running on s390 (also big endian).

This kernel lacks commit 10596608c4d62cb8c1c2b806debcbd32fe657e71
netfilter: nf_tables: fix mismatch in big-endian system

but that bug only causes mismatch for matches < u32, i.e. tcp ports
and the like.