Use interval sets for blocklists

[chef.git] / cookbooks / networking / templates / default / nftables.conf.erb

diff --git a/cookbooks/networking/templates/default/nftables.conf.erb b/cookbooks/networking/templates/default/nftables.conf.erb
index d98237d6e4649532b78655a8e8de69afed0a8feb..957955af4121d3432a28221d9635c336512fcb67 100644 (file)
--- a/cookbooks/networking/templates/default/nftables.conf.erb
+++ b/cookbooks/networking/templates/default/nftables.conf.erb
@@ -24,12 +24,12 @@ table inet chef-filter {
 
   set ip-blocklist {
     type ipv4_addr
-    flags dynamic
+    flags interval
   }
 
   set ip6-blocklist {
     type ipv6_addr
-    flags dynamic
+    flags interval
   }
 
   set ratelimit-icmp-echo-ip {