Yes, this was the most recent post just as I logged on to ask something somewhat similar! In my case dnsmasq at least starts fine, but is still not populating any ipsets.
I have as part of "/etc/config/dhcp":

    config ipset
        list name 'cameras'
        list domain 'speculor-diluvium.lan'
        list domain 'speculor-turriculam.lan'
        list domain 'speculor-inornatus.lan'
        list domain 'speculor-torqueo.lan'
        list domain 'speculor-opilio.lan'

and as part of my "/etc/config/firewall":

    config ipset
        option family 'ipv4'
        list match 'ip'
        option name 'cameras'

but when I nft list ruleset | grep "set cameras" -A 3 it shows only:

    set cameras {
        type ipv4_addr
    }

I was under the impression from various threads and issues (https://github.com/openwrt/openwrt/pull/10820, Dnsmasq (full) and firewall4 - using ipset or nftables together - no out-of-the-box solution in OpenWrt 22.03.03, IP Sets with nftables in LuCi - #2 by dave14305, Ipset by domain using Luci - #7 by stangri) that the main hangup was waiting for a new version of dnsmasq > 2.86 and then the IP Sets tab in LuCI would be working again.
But now we are at "Dnsmasq version 2.89" and it still seems to not work? I do notice that dnsmasq lists:
Compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-nftset no-auth no-cryptohash no-DNSSEC no-ID loop-detect inotify dumpfile
i.e. not only missing the old ipset (as Dnsmasq-full, ipset support removed (in 23.05 and master) was complaining about even in the -full version) but also compiled as no-nftset, which seems to be mismatched — why would the default dnsmasq build still not support something that the default LuCI presents (without warning) as an available option?
UPDATE: I installed dnsmasq-full (via the tips at Install dnsmasq-full over dnsmasq - #5 by stangri) and rebooted (since it seemed wedged trying to renew DHCP…) and still nothing shown added from the DHCP set into the Firewall nft ruleset dump.
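
Added example, not part of the original post: a shell check that reads the dnsmasq compile-time options line quoted above and cross-checks the set names declared in the dhcp and firewall fragments. The function names are hypothetical, the config fragments are shortened copies of the ones in the post, and `NFT_OPTS` is a constructed line for contrast.

```shell
# Compile-time options line exactly as quoted in the post (stock build).
STOCK_OPTS='Compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-nftset no-auth no-cryptohash no-DNSSEC no-ID loop-detect inotify dumpfile'
# Constructed for contrast: a shortened line with the nftset token present.
NFT_OPTS='Compile time options: IPv6 GNU-getopt no-DBus UBus no-ipset nftset inotify dumpfile'
# Config fragments from the post (domain list shortened).
DHCP_CFG="config ipset
    list name 'cameras'
    list domain 'speculor-diluvium.lan'"
FW_CFG="config ipset
    option family 'ipv4'
    list match 'ip'
    option name 'cameras'"

# Print "yes" if feature $2 is compiled in, "no" if listed as no-$2,
# "unknown" if neither token appears in the options line $1.
feature_state() {
    for tok in ${1#*options:}; do
        case "$tok" in
            "$2") echo yes; return 0 ;;
            "no-$2") echo no; return 0 ;;
        esac
    done
    echo unknown
}

# Print set names from "config ipset" sections of UCI text on stdin.
# Accepts both "list name" (dhcp) and "option name" (firewall).
ipset_names() {
    awk '$1 == "config" { in_set = ($2 == "ipset"); next }
         in_set && ($1 == "list" || $1 == "option") && $2 == "name" {
             gsub(/[^A-Za-z0-9_.-]/, "", $3); print $3
         }' | sort -u
}

# $1 = options line, $2 = dhcp config text, $3 = firewall config text
diagnose() {
    state=$(feature_state "$1" nftset)
    for name in $(printf '%s\n' "$2" | ipset_names); do
        if ! printf '%s\n' "$3" | ipset_names | grep -qx "$name"; then
            echo "$name: not declared in firewall"
        elif [ "$state" = yes ]; then
            echo "$name: nftset support present"
        else
            echo "$name: nftset support is '$state'; dnsmasq cannot fill this set"
        fi
    done
}

diagnose "$STOCK_OPTS" "$DHCP_CFG" "$FW_CFG"
```

On a router, the options line can be taken from `dnsmasq --version` and the config text from the two files named in the post. A "present" result only rules out the compile-time cause; it does not confirm that the set is being populated.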