From fc83d462621476be3b2861a93ac3a641e3f717c8 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich <jo@mein.io>
Date: Thu, 21 Apr 2022 21:21:02 +0200
Subject: [PATCH] ruleset: set auto-merge directive for interval sets

Set the auto-merge directive for interval sets to automatically merge
overlapping CIDRs such as 192.168.1.0/24, 192.168.1.1. Without that
directive, nft will fail to apply the rendered ruleset with an error.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
---
 root/usr/share/firewall4/templates/ruleset.uc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/root/usr/share/firewall4/templates/ruleset.uc b/root/usr/share/firewall4/templates/ruleset.uc
index b402315..9cf7ef6 100644
--- a/root/usr/share/firewall4/templates/ruleset.uc
+++ b/root/usr/share/firewall4/templates/ruleset.uc
@@ -36,6 +36,7 @@ table inet fw4 {
 {% endif %}
 {%  if (set.interval): %}
 		flags interval
+		auto-merge
 {%  endif %}
 {%  fw4.print_setentries(set) %}
 	}
-- 
2.30.2