From 5ac0eba538056a5568b3b9de31be692d5efeeec5 Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Sun, 5 Mar 2023 19:45:59 +0000
Subject: [PATCH] Remove size limits on firewall sets

---
 cookbooks/networking/templates/default/nftables.conf.erb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/cookbooks/networking/templates/default/nftables.conf.erb b/cookbooks/networking/templates/default/nftables.conf.erb
index 140510c36..94c383525 100644
--- a/cookbooks/networking/templates/default/nftables.conf.erb
+++ b/cookbooks/networking/templates/default/nftables.conf.erb
@@ -25,21 +25,25 @@ table inet filter {
 set ip-blacklist {
 type ipv4_addr
 flags dynamic
+ size 0
 }
 
 set ip6-blacklist {
 type ipv6_addr
 flags dynamic
+ size 0
 }
 
 set ratelimit-icmp-echo-ip {
 type ipv4_addr
 flags dynamic
+ size 0
 }
 
 set ratelimit-icmp-echo-ip6 {
 type ipv6_addr
 flags dynamic
+ size 0
 }
 
 <%- node[:networking][:firewall][:sets].each do |set| %>
@@ -50,6 +54,7 @@ table inet filter {
 type ipv6_addr
 <%- end %>
 flags dynamic
+ size 0
 }
 
 <%- end %>
-- 
2.39.5
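Review bot: With `size 0` on `ip-blacklist`, `ip6-blacklist`, `ratelimit-icmp-echo-ip` and `ratelimit-icmp-echo-ip6` (which the commit title describes as removing the limit), nothing in these definitions bounds the sets any more: they are `flags dynamic` and declare no `timeout`, so the element count is limited only by whatever the rules that add to them do. Those rules are outside the hunk; if entries are added per source address without an expiry, set growth and the kernel memory behind it follow inbound traffic, which matters most for the IPv6 sets. Either keep an explicit generous cap, or give each set a default expiry, e.g. `timeout 1h` (constructed value, choose per set), and record the reasoning in a comment such as `# size 0: no element cap, entries expire via timeout`. The same point applies to the templated per-node sets in the second hunk (`@@ -50,6 +54,7 @@`), whose enclosing loop and set header start outside that hunk.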