Am attempting to block a set of CIDRs, some IPv4 and some IPv6.
I expected the nft families to work, ip, arp, ip6, bridge, inet, netdev, but they don't.
Setting a family of "inet" works for IPv4:
config ipset
	option name 'blacklist_ipv4'
	option family 'inet'
	option match 'dst_net'
	option loadfile '/etc/config/blacklist_ipv4.txt'
Adding IPv6 addresses to the blacklist file yields:
Skipping invalid entry '2404:3fc0:1::/48'
Duplicating config ipset and rule for IPv6 yields an error.
Neither "inet6" nor "ip6" works.
config ipset
	option name 'blacklist_snv6'
	option family 'inet6'
	option match 'dst_net'
	option loadfile '/etc/config/blacklist_snv6.txt'
/dev/stdin:63:6-15: Error: Could not process rule: Invalid argument
set blacklist_snv6 {
Setting a family of "ip" does NOT work for IPv4 and yields the error:
Section @ipset[0] (blacklist_ipv4) skipped due to invalid options
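
The post shows the IPv6 entry 2404:3fc0:1::/48 being skipped when it sits in the file loaded by the IPv4 set. The script below is an added example, not part of the original post: it splits a mixed CIDR list into one file per address family before the files are used as `loadfile`s, assuming each set holds a single family. The function names `cidr_family` and `split_blocklist` and the sample file names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes one set per address family.
# cidr_family ENTRY -> "ipv4", "ipv6" or "invalid" (syntax only; mapped v6 rejected)
cidr_family() {
    addr=${1%%/*}; plen=
    case $1 in
        */) echo invalid; return ;;
        */*) plen=${1#*/} ;;
    esac
    case $plen in *[!0-9]*|????*) echo invalid; return ;; esac
    case $addr in
        *[!0-9A-Fa-f:.]*|*::*::*|*:::*) echo invalid ;;
        *:*:*) # IPv6: hex groups and colons, at most one "::"
            case $addr in *.*) echo invalid; return ;; esac
            [ "${plen:-0}" -le 128 ] && echo ipv6 || echo invalid ;;
        *.*.*.*.*|*..*|.*|*.|*[!0-9.]*) echo invalid ;;
        *.*.*.*) # IPv4: four decimal octets, each 0-255
            old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
            for octet in "$@"; do
                case $octet in ????*) echo invalid; return ;; esac
                [ "$octet" -le 255 ] || { echo invalid; return; }
            done
            [ "${plen:-0}" -le 32 ] && echo ipv4 || echo invalid ;;
        *) echo invalid ;;
    esac
}

# split_blocklist IN OUT4 OUT6: write each valid entry to its family's file,
# report rejects on stderr, print a one-line summary on stdout.
split_blocklist() {
    n4=0; n6=0; bad=0
    : > "$2"; : > "$3"
    while read -r entry _ || [ -n "$entry" ]; do
        entry=${entry%%#*}
        [ -n "$entry" ] || continue
        case $(cidr_family "$entry") in
            ipv4) echo "$entry" >> "$2"; n4=$((n4 + 1)) ;;
            ipv6) echo "$entry" >> "$3"; n6=$((n6 + 1)) ;;
            *) echo "invalid entry '$entry'" >&2; bad=$((bad + 1)) ;;
        esac
    done < "$1"
    echo "ipv4=$n4 ipv6=$n6 invalid=$bad"
}

# Constructed sample input; 2404:3fc0:1::/48 is the entry quoted in the post.
demo=$(mktemp -d)
printf '%s\n' 192.0.2.0/24 2404:3fc0:1::/48 '# note' 198.51.100.7 10.0.0.256/8 > "$demo/mixed.txt"
split_blocklist "$demo/mixed.txt" "$demo/v4.txt" "$demo/v6.txt"
rm -rf "$demo"
```

The checks are syntactic only; the firewall still does the final parse of every entry when the set is loaded.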