From 05575de1f1eb23f9f4c2c07c6b16ae383d12e3e1 Mon Sep 17 00:00:00 2001
From: Csillag Tamas
Date: Mon, 30 May 2022 14:05:18 +0200
Subject: [PATCH] nftables.conf - add support for cidr notation Currently when trying to add an address like: 141.98.11.0/24 it fails with: fail2ban.utils [720]: ERROR 7fe8c36f6630 -- exec: nft add element inet f2b-table addr-set-custom \{ 141.98.11.0/24 \} fail2ban.utils [720]: ERROR 7fe8c36f6630 -- stderr: "Error: You must add 'flags interval' to your set declaration if you want to add prefix elements" After adding 'flags interval' one can ban ranges now as expected.
---
 config/action.d/nftables.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/action.d/nftables.conf b/config/action.d/nftables.conf
index 77cf3661..b2bb9ec1 100644
--- a/config/action.d/nftables.conf
+++ b/config/action.d/nftables.conf
@@ -55,7 +55,7 @@ _nft_for_proto-multiport-done = done
 _nft_list = -a list chain
 _nft_get_handle_id = grep -oP '@\s+.*\s+\Khandle\s+(\d+)$'
-_nft_add_set = add set
\{ type \; \}
+_nft_add_set = add set
\{ type \; flags interval\; \} <_nft_for_proto--iter> add rule
%(rule_stat)s <_nft_for_proto--done>
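Review bot: The new `_nft_add_set` line enables `flags interval` on every set, but nothing in the hunk accounts for overlapping elements. With an interval set, nft (as far as I know) rejects an `add element` whose address falls inside a prefix already in the set, so a later ban of a single host inside an already banned /24 would log an error rather than be a harmless no-op. A comment next to the definition would make that visible to operators, e.g. `# flags interval: allows CIDR elements; overlapping adds are rejected by nft, and unban must name the exact element that was added`. Sets that already exist on a running host were created without the flag, so the change presumably only takes effect once the action's table is torn down and recreated; the commit message could say so.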