ipr-cnrs / nftables

Ansible role to manage Nftables rules and packages.

Following update, rules no longer load #27

Open caleb-s-cullen opened 3 years ago

caleb-s-cullen commented 3 years ago

After updating to the latest (v2.0.1) of this nftables role, my rules no longer load. I get really bizarre errors from the actual nft software when I attempt to update my firewalls. I am not doing anything fancy, I just have a list of allowed IPs. I am letting this Ansible role generate all of my nft configs. I have included an example of the bizarre sorts of errors I am getting. nft now refuses to load any of these rule files.

The "conflicting intervals" appear to be 400 columns down a line that never gets printed, but the example ^^^ and ~~~ do get printed ... after 400 or so spaces. What is going on here? The statements all seem legal to me. Ansible did not report that any of these files were changing. All I did was add IPs to a set.

nft-example.txt

I got this error after getting very similar errors from the filter-input.nft and filter-output.nft files, and then I commented them out, to see what I could get to load. Turns out, no included files would load at all.

When I try to include the files manually, nft complains a lot about the syntax, so there's not a good way for me to test each sub-block by hand.

I can provide additional output if desired. I feel like there must be something simple I'm missing, but the changelog did not warn of any things I need to change in order for my old code to continue to work. In the meantime I will see if there is a way for me to revert my submodule copy of this repo to an earlier, working version.

kravietz commented 3 years ago

Seems like a newline problem in one of the templates - note the partial rval; string:

# nft -f /etc/nftables.conf
In file included from /etc/nftables.conf:15:9-43:
/etc/nftables.d/sets.nft:22:1051-1063: Error: conflicting intervals specified
rval;
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          ^^^^^^^^^^^^^  ~~~~~~~~~~~~~
In file included from /etc/nftables.conf:15:9-43:
/etc/nftables.d/sets.nft:8:5-17: Error: Could not process rule: Success
set in_ips_accept {
    ^^^^^^^^^^^^^

kravietz commented 3 years ago

I've just checked and no interval statements come from the role templates, and the interval statements in default/main.yml are OK - can you check your variable files?
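A pre-flight check for a generated sets.nft that catches the two symptoms in this thread: a line that lost its newline (hence an error column past 1000, with a partial token such as `rval;`) and overlapping set members, which nft reports as "conflicting intervals specified" for a `flags interval` set. This is an added example, not part of the ipr-cnrs/nftables role; the sample set and the 200-column threshold are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample (not from the issue): one interval set whose members overlap,
# since 10.0.0.0/8 already contains 10.1.2.3.
SAMPLE_SETS_NFT = """\
set in_ips_accept {
    type ipv4_addr
    flags interval
    elements = { 192.0.2.10, 10.0.0.0/8, 10.1.2.3, 198.51.100.0/24 }
}
"""
MAX_LINE = 200  # assumed threshold: a generated rule line this long almost surely lost a newline

def long_lines(text, limit=MAX_LINE):
    """Return (line_no, length) for every line longer than `limit`."""
    return [(n, len(l)) for n, l in enumerate(text.splitlines(), 1) if len(l) > limit]

def to_networks(elem):
    """Turn one set member (address, CIDR or lo-hi range) into ip_network objects."""
    if "-" in elem:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in elem.split("-", 1))
        return list(ipaddress.summarize_address_range(lo, hi))
    return [ipaddress.ip_network(elem.strip(), strict=False)]

def parse_sets(text):
    """Map each `set NAME { ... }` block to the list of networks in its elements."""
    sets = {}
    for m in re.finditer(r"set\s+(\S+)\s*\{(.*?)\n\}", text, re.S):
        elems = re.search(r"elements\s*=\s*\{(.*?)\}", m.group(2), re.S)
        if elems:
            sets[m.group(1)] = [n for e in elems.group(1).split(",") if e.strip()
                                for n in to_networks(e)]
    return sets

def conflicting_intervals(nets):
    """Return every overlapping pair; nft rejects these in a `flags interval` set."""
    nets = sorted(nets, key=lambda n: (int(n.network_address), n.prefixlen))
    return [(str(a), str(b)) for i, a in enumerate(nets)
            for b in nets[i + 1:] if a.overlaps(b)]

def check(text):
    """Both checks in one report; an empty report means the file is worth handing to nft."""
    conflicts = {name: conflicting_intervals(nets) for name, nets in parse_sets(text).items()}
    return {"long_lines": long_lines(text),
            "conflicts": {k: v for k, v in conflicts.items() if v}}
```

Run `check(open("/etc/nftables.d/sets.nft").read())` on the generated file, then confirm with nft's own dry run, `nft -c -f /etc/nftables.conf`, which parses without loading.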