Remove conntrack custom timeout rule:
delete system conntrack timeout custom ipv4 rule 1 destination port '53'
delete system conntrack timeout custom ipv4 rule 1 protocol udp replied '700'
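The commit then fails, because the generated nftables file still defines the ct timeout object for rule 1, now with an empty policy: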
vyos@vyos# commit
[ system conntrack ]
Failed to apply configuration: /run/nftables-ct.conf:20:21-21: Error: syntax error, unexpected '}', expecting string
policy = { }
/run/nftables-ct.conf:
vyos@vyos# cat /run/nftables-ct.conf
#!/usr/sbin/nft -f
delete table ip vyos_conntrack
table ip vyos_conntrack {
chain VYOS_CT_IGNORE {
return
}
chain VYOS_CT_TIMEOUT {
# rule-1
meta l4proto udp counter ct timeout set ct-timeout-1 comment "timeout-1"
return
}
ct timeout ct-timeout-1 {
l3proto ip;
protocol udp;
policy = { }
}
...

Steps to reproduce:
set system conntrack timeout custom ipv4 rule 1 destination port '53'
set system conntrack timeout custom ipv4 rule 1 protocol udp replied '700'
commit
delete system conntrack timeout custom ipv4 rule 1 destination port '53'
delete system conntrack timeout custom ipv4 rule 1 protocol udp replied '700'
commit