Symptoms
1. nftables may not work correctly in containers; for example, "add element filter blacklist" fails:
:~# nft add element filter blacklist { 192.168.10.100 }
Error: Could not process rule: No such file or directory
add element filter blacklist { 192.168.10.100 }
The issue affects nftables in containers based on the following OS templates:
- Ubuntu 22.04
- AlmaLinux 8
- AlmaLinux 9
2. The affected node has ReadyKernel Patch 163.1 installed:
~]# readykernel info | head
---snip---
Patch module: kpatch_cumulative_163_1_r1
File: /var/lib/kpatch/3.10.0-1160.90.1.vz7.200.7/kpatch-cumulative-163-1-r1.ko
Version: 163.1
---snip---
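A check for symptom 2 that can be scripted across nodes, as an added example (not part of the original article or of the ReadyKernel tooling): it reads `readykernel info` output on stdin and reports whether the loaded patch is version 163.1. The function names are hypothetical, and the embedded sample is the output shown above.

```shell
#!/bin/sh
# Added example: classify `readykernel info` output against the affected
# patch version named in this article (163.1).

AFFECTED_VERSION="163.1"

# rk_patch_version: read `readykernel info` text on stdin and print the value
# of the first "Version:" line (prints nothing if there is no such line).
rk_patch_version() {
    awk -F': *' '/^[ \t]*Version:/ { gsub(/[ \t\r]+$/, "", $2); print $2; exit }'
}

# rk_status: read `readykernel info` text on stdin and print one of:
#   affected      - the loaded patch is the version this article names
#   not-affected  - a different patch version is loaded
#   no-patch      - no "Version:" line was found
rk_status() {
    ver=$(rk_patch_version)
    if [ -z "$ver" ]; then
        echo "no-patch"
    elif [ "$ver" = "$AFFECTED_VERSION" ]; then
        echo "affected"
    else
        echo "not-affected"
    fi
}

# Sample input: the `readykernel info` excerpt from this article.
sample_affected() {
cat <<'EOF'
---snip---
Patch module: kpatch_cumulative_163_1_r1
File: /var/lib/kpatch/3.10.0-1160.90.1.vz7.200.7/kpatch-cumulative-163-1-r1.ko
Version: 163.1
---snip---
EOF
}

sample_affected | rk_status   # prints: affected
```

On a node, the same check is `readykernel info | rk_status`.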
Cause
The issue is confirmed as bug PSBM-152103 and will be fixed in the upcoming ReadyKernel patch.
Resolution
It is recommended to downgrade the ReadyKernel patch to the previous version:
yum downgrade readykernel-patch-$(uname -r)