
I am unable to create an ip set (precisely, a subnet set) with the define statement in nftables

nft -f rc.nftables
rc.nftables:5:17-34: Error: Could not resolve hostname: Address family for hostname not supported
define lov6 = { 1234:5678:90ab:cd::0/64, 1234:5678:90ab:ce::0/64, fe80::0/10 }
                ^^^^^^^^^^^^^^^^^^

Using square brackets doesn't improve things. I may have misread the docs but right now I'm stuck. Similar syntax works for ipv4 in the previous line as follows.

define lov4 = { 1.2.3.0/24, 1.2.4.0/24 }
meh
  • Please provide the ruleset causing the error, rather than just the define. It should be fairly obvious, but I can't answer without data provided in the question. – A.B Mar 29 '21 at 14:32
  • @A.B Thanks, you made me look at the problem from a different perspective; I will answer my own question now. – meh Mar 31 '21 at 08:09

1 Answer


The problem was not in the declaration of the set but rather in the rule using it. Because of a typo I was using the "ip" keyword rather than "ip6".

Therefore I assume that sets are evaluated each time a rule references them rather than at "declaration time", but an error like mine will point to the set line, not the rule line, in the config file.

A bit confusing but lesson learned.

meh
  • If you have multiple files (say, one for ip4 rules and one for ip6 rules), and then include them both from nftables.conf, variable names must be unique across files. I had systemIP defined in each file, and got the same "Address Family Not Supported" error referencing the first file. Changing the second file to systemIP6 (and subsequent references) cleared up the error. – Steven Aug 10 '21 at 21:26
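The following ruleset is an added example and not the asker's rc.nftables: it shows the define from the question paired with a correctly typed `ip6` rule, keeps the mismatched `ip` rule that triggered the error as a comment, and adds a typed named set as an alternative that reports a family mismatch at the set itself. The table, chain and set names are assumed; the prefixes are the placeholders from the question.

```nft
#!/usr/sbin/nft -f
# Added example (not from the question or answer). Table, chain and set
# names are made up; address prefixes are the placeholders from the question.
flush ruleset

# 'define' creates a symbolic variable. Its value is only interpreted where a
# rule uses it, so a selector/value family mismatch is detected at the rule,
# while nft's error message underlines this define line.
define lov4 = { 1.2.3.0/24, 1.2.4.0/24 }
define lov6 = { 1234:5678:90ab:cd::0/64, 1234:5678:90ab:ce::0/64, fe80::0/10 }

table inet filter {
    # Named-set alternative: the element type is declared here, so putting
    # the wrong family in it is reported at the set, not at a later rule.
    set lov6_set {
        type ipv6_addr
        flags interval          # required for prefix (subnet) elements
        elements = { 1234:5678:90ab:cd::0/64, 1234:5678:90ab:ce::0/64, fe80::0/10 }
    }

    chain input {
        type filter hook input priority 0; policy drop;

        ct state established,related accept
        iif lo accept

        ip saddr $lov4 accept       # IPv4 selector with IPv4 prefixes
        ip6 saddr $lov6 accept      # IPv6 selector with IPv6 prefixes

        # Wrong (the typo from the question): IPv4 selector, IPv6 prefixes.
        # nft fails with "Could not resolve hostname: Address family for
        # hostname not supported" and points at the 'define lov6' line.
        # ip saddr $lov6 accept

        ip6 saddr @lov6_set accept  # same policy expressed via the named set
    }
}
```

Validate without touching the live ruleset with `nft -c -f rc.nftables`; uncommenting the `ip saddr $lov6` line reproduces the error from the question, and the message still names the define line rather than the rule.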