From d3b54963622f242db1ebeda21dedd9558b484355 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Tue, 2 May 2023 08:54:21 +0200
Subject: [PATCH] firewall: create "dynamic" sets for nft rules for slb-bonding

A workaround for a nftables issue ([1]). I don't know why that matters.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=2177667

Fixes: e9268e392418 ('firewall: add mlag firewall utils for multi chassis link aggregation (MLAG) for bonding-slb')

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1614
---
 src/core/nm-firewall-utils.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/core/nm-firewall-utils.c b/src/core/nm-firewall-utils.c
index f231583a21..03f1a9a5eb 100644
--- a/src/core/nm-firewall-utils.c
+++ b/src/core/nm-firewall-utils.c
@@ -889,12 +889,12 @@ nm_firewall_nft_stdio_mlag(gboolean           up,
          */
         _append(&strbuf,
                 "add set netdev %s macset-tagged {"
-                " typeof ether saddr . vlan id; flags timeout; "
+                " typeof ether saddr . vlan id; flags dynamic,timeout; "
                 "}",
                 table_name);
         _append(&strbuf,
                 "add set netdev %s macset-untagged {"
-                " typeof ether saddr; flags timeout;"
+                " typeof ether saddr; flags dynamic,timeout; "
                 "}",
                 table_name);