From ca18224faa4cfe16d1aafae7a31203d03bcb0dc7 Mon Sep 17 00:00:00 2001
From: James Antill
Date: Mon, 3 Mar 2025 17:08:20 -0500
Subject: [PATCH] Change osbuildapi set table to the ip filter table.
Signed-off-by: James Antill
---
 roles/base/templates/nftables/nftables.kojibuilder | 3 +--
 roles/koji_builder/templates/osbuildapi-update-nft.sh | 6 +++---
 2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/roles/base/templates/nftables/nftables.kojibuilder b/roles/base/templates/nftables/nftables.kojibuilder
index 36b3536043..dbdbfd1412 100644
--- a/roles/base/templates/nftables/nftables.kojibuilder
+++ b/roles/base/templates/nftables/nftables.kojibuilder
@@ -32,8 +32,7 @@ add rule ip filter INPUT ip saddr {{ ip }} counter drop
 #!# WARNING: This is very different...
 # -A OUTPUT -p tcp --dport 443 -m set --match-set osbuildapi dst -j ACCEPT
-add table inet global
-add set inet global osbuildapi { type ipv4_addr ; size 65536; }
+add set ip filter osbuildapi { type ipv4_addr ; size 65536; }
 add rule ip filter OUTPUT tcp dport 443 ip daddr @osbuildapi accept
diff --git a/roles/koji_builder/templates/osbuildapi-update-nft.sh b/roles/koji_builder/templates/osbuildapi-update-nft.sh
index ea0a5f1226..e116484e76 100644
--- a/roles/koji_builder/templates/osbuildapi-update-nft.sh
+++ b/roles/koji_builder/templates/osbuildapi-update-nft.sh
@@ -20,15 +20,15 @@ NEWIDENTITYIPS=`echo "$RESOLVEQUERY" | grep link | sed -E 's/.* ([0-9]+\.[0-9]+\
 # Empty the filter: We do this at the end for a small window.`
 # NOTE: We aren't flushing old entries anymore.
 # See commit: e7b50aaee469fdded0ea650c7e7f4dd06e929609
-# nft flush set global osbuildapi
+# nft flush set ip filter osbuildapi
 # Add the IPs...
 for j in $NEWIPS
 do
- nft add element ip global osbuildapi { $j }
+ nft add element ip filter osbuildapi { $j }
 done
 for j in $NEWIDENTITYIPS
 do
- nft add element ip global osbuildapi { $j }
+ nft add element ip filter osbuildapi { $j }
 done
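Review bot: The relocated set `add set ip filter osbuildapi { type ipv4_addr ; size 65536; }` has no timeout, and the companion update script (second hunk of this patch) states it no longer flushes old entries, so any address the service stops using stays accepted on OUTPUT port 443 indefinitely; consider giving the set a default expiry, e.g. `add set ip filter osbuildapi { type ipv4_addr ; size 65536; flags timeout; timeout 24h; }` with an interval longer than the script's run cadence, so stale entries age out while the script keeps re-adding current ones. Dropping `add table inet global` also removes anything else that table held; nothing else in this hunk references it, so this is presumably fine but worth confirming against the rest of the template. The `#!#` warning line above still describes the old iptables `--match-set` form, and a one-line comment such as `# set and rule must live in the same table: @osbuildapi is resolved within 'ip filter'` would record why the move was needed.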
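Review bot: Neither `nft add element ip filter osbuildapi { $j }` call checks its exit status, so if the `osbuildapi` set is absent from the `ip filter` table (for instance until the updated nftables template has been applied on the host) every addition fails silently and the allow-list stays empty with nothing in the logs; appending `|| printf 'osbuildapi-update-nft: failed to add %s\n' "$j" >&2` to both calls, or a `set -e` near the top of the script, would surface that. The commented-out `# nft flush set ip filter osbuildapi` line is updated consistently, but as a comment it changes nothing at runtime. `NEWIPS` and `NEWIDENTITYIPS` are assigned above the hunk, so how their values are derived cannot be reviewed here.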