From: Tom Hughes <tom@compton.nu>
Date: Tue, 7 Mar 2023 18:04:34 +0000 (+0000)
Subject: Use interval sets for blocklists
X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/b7a8d79c0c5d44e3597bdc1b9ed269b3982e7868?ds=sidebyside

Use interval sets for blocklists
---

diff --git a/cookbooks/networking/templates/default/nftables.conf.erb b/cookbooks/networking/templates/default/nftables.conf.erb
index d98237d6e..957955af4 100644
--- a/cookbooks/networking/templates/default/nftables.conf.erb
+++ b/cookbooks/networking/templates/default/nftables.conf.erb
@@ -24,12 +24,12 @@ table inet chef-filter {
 
   set ip-blocklist {
     type ipv4_addr
-    flags dynamic
+    flags interval
   }
 
   set ip6-blocklist {
     type ipv6_addr
-    flags dynamic
+    flags interval
   }
 
   set ratelimit-icmp-echo-ip {