[OpenWrt-Devel] "nft -f <file>" bug and workaround, 18.06.2 release, kernel 4.14.95

H Craig hicksycle at gmail.com
Tue Apr 30 17:19:09 EDT 2019


OpenWrt 18.06.2, r7676-cddd7b4c77
Linux OpenWrt 4.14.95 #0 SMP Mon Jan 28 08:54:32 2019 x86_64 GNU/Linux
device: PC Engines apu2d4 board.


Given a typical nft rule file with the usual
    flush ruleset
at the top (and also containing nat rules),
loading it with
    nft -f <file>
fails unless the nft ruleset is already flushed.


At the top of the nft rule file, replace
    flush ruleset
with
    table ip nat
    table ip mangle
    table ip filter
    flush table ip nat
    flush table ip mangle
    flush table ip filter


A previous setup with an earlier kernel:

OpenWrt 18.06.2, r7676-cddd7b4c77
Linux OpenWrt 4.9.152 #0 SMP Mon Jan 28 08:54:32 2019 aarch64 GNU/Linux
device: raspberry pi 3b+

did not have this bug.
I believe it is the change in kernel version which makes the difference.
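
The workaround above, generalized as an added example (not part of the original post): a shell function that rewrites a rule file so its "flush ruleset" line becomes "table" and "flush table" lines for every table the file defines. The names rewrite_flush and sample_rules are hypothetical, the sample rule file is constructed, and the script assumes each table opens on its own line as "table [family] name {".

```shell
#!/bin/sh
# Added example (not from the original post). rewrite_flush and sample_rules
# are hypothetical names; the sample rule file is constructed.

# Print the rule file $1 with its "flush ruleset" line replaced by
# "table ..." and "flush table ..." lines for each table it defines.
rewrite_flush() {
    awk '
        # Pass 1: collect each "table [family] name {" in file order.
        NR == FNR {
            if ($1 == "table" && $NF == "{" && (NF == 3 || NF == 4)) {
                # nft defaults the family to ip when it is omitted
                t = (NF == 3) ? "ip " $2 : $2 " " $3
                if (!(t in seen)) { seen[t] = 1; order[++n] = t }
            }
            next
        }
        # Pass 2: emit the per-table preamble in place of flush ruleset.
        NF == 2 && $1 == "flush" && $2 == "ruleset" {
            for (i = 1; i <= n; i++) print "table " order[i]
            for (i = 1; i <= n; i++) print "flush table " order[i]
            next
        }
        { print }
    ' "$1" "$1"
}

# Constructed sample rule file in the shape the post describes.
sample_rules() {
    cat <<'EOF'
flush ruleset
table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
    }
}
table ip mangle {
}
table ip filter {
    chain input {
        type filter hook input priority 0; policy accept;
    }
}
EOF
}

# Usage: sh rewrite.sh rules.nft > rules.fixed.nft
if [ -n "${1:-}" ]; then rewrite_flush "$1"; fi
```

Unlike "flush ruleset", the per-table form only clears the tables named in the file, so any other table already loaded in the kernel stays active after the load; "nft list ruleset" shows what is actually in effect.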

