[OpenWrt-Devel] "nft -f <file>" bug and workaround, 18.06.2 release, kernel 4.14.95

H Craig hicksycle at gmail.com
Tue Apr 30 17:19:09 EDT 2019


**Setup:**

OpenWrt 18.06.2, r7676-cddd7b4c77
Linux OpenWrt 4.14.95 #0 SMP Mon Jan 28 08:54:32 2019 x86_64 GNU/Linux
https://downloads.openwrt.org/releases/18.06.2/targets/x86/64/
device: PC Engines apu2d4 board.


**Bug:**

Given a typical nft rule file with the usual
```
flush ruleset
```
at the top (and also containing nat rules),
loading it with
```
nft -f <file>
```
fails unless the nft ruleset is already flushed.


**Workaround:**

At the top of the nft rule file, replace
```
flush ruleset
```
with
```
table ip nat
table ip mangle
table ip filter
flush table ip nat
flush table ip mangle
flush table ip filter
```

**Note:**

A previous setup with an earlier kernel:

OpenWrt 18.06.2, r7676-cddd7b4c77
Linux OpenWrt 4.9.152 #0 SMP Mon Jan 28 08:54:32 2019 aarch64 GNU/Linux
https://downloads.openwrt.org/releases/18.06.2/targets/brcm2708/bcm2710/
device: raspberry pi 3b+

did not have this bug.
I believe it is the change in kernel version which makes the difference.

craigphicks

_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
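
The workaround described in the message above, automated as an added example (not part of the original post): a shell function that replaces the `flush ruleset` line with per-table declarations and flushes. It goes beyond the post by deriving the table list from the file itself instead of hardcoding nat, mangle and filter, and assumes each table is declared on its own line as `table <family> <name> {`; the function names and the sample rule file are constructed for illustration. Unlike `flush ruleset`, the per-table form leaves any table not named in the file untouched.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes one table declaration
# per line: "table <family> <name> {" (family defaults to ip when omitted).

# rewrite_flush FILE: print FILE with its first "flush ruleset" line replaced
# by "table ..." declarations and "flush table ..." lines for every table the
# file defines. Returns 1 if the file has no "flush ruleset" line.
rewrite_flush() {
    awk '
        NR == FNR {                       # pass 1: collect tables in order
            sub(/[{].*/, "")
            if ($1 == "table" && NF >= 2) {
                key = (NF == 2) ? ("ip " $2) : ($2 " " $3)
                if (!(key in seen)) { seen[key] = 1; order[++n] = key }
            }
            next
        }
        !done && $1 == "flush" && $2 == "ruleset" {   # pass 2: swap header
            for (i = 1; i <= n; i++) print "table " order[i]
            for (i = 1; i <= n; i++) print "flush table " order[i]
            done = 1
            next
        }
        { print }
        END { exit(done ? 0 : 1) }
    ' "$1" "$1"
}

# Constructed sample rule file.
sample_rules() {
    cat <<'EOF'
flush ruleset
table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname "eth0" masquerade
    }
}
table ip filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
    }
}
EOF
}

# Demo: print the rewritten file; load the result with nft -f <file>.
tmp=$(mktemp) && sample_rules > "$tmp" && rewrite_flush "$tmp"
rm -f "$tmp"
```

A non-zero return means the file had no `flush ruleset` line, so a loader script can refuse to load a file that would stack rules on top of the existing ruleset.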


