On 28.07.2009 14:23, Patrick McHardy wrote:
> I never pushed out the userspace changes for the new set API.
> I just pushed out all the changes that should be needed, please
> update your trees and try again.
>

pulled, compiled, works.
thanks!
Christoph A.

nft -f main1
insert: [c0a80100 c0a801ff]
insert: [2020202 2020202]
insert: [c0a83801 c0a83801]
iter: [2020202 2020202]
iter: [c0a80100 c0a801ff]
iter: [c0a83801 c0a83801]
list: [00000000 02020201]
list: [02020202 02020202]
list: [02020203 c0a800ff]
list: [c0a80100 c0a801ff]
list: [c0a80200 c0a83800]
list: [c0a83801 c0a83801]
list: [c0a83802 ffffffff]
{ 0.0.0.0, 2.2.2.2, 2.2.2.3, 192.168.1.0, 192.168.2.0, 192.168.56.1, 192.168.56.2}

(I guess the second IPs ...2.3, ..2.0, ..56.2 are the upper bound of the range)

define sshclient = 192.168.56.1
define foo = 2.2.2.2
define localnet = 192.168.1.0/24
define allowed_ssh_hosts = { $sshclient, $foo, $localnet }
define sshport = 22
define httpport = 999

flush table filter
delete table filter

table filter {
    chain input {
        hook NF_INET_LOCAL_IN 0
        ct state related,established accept
        #ip saddr { $sshclient, $foo, $localnet } tcp dport $sshport ct state new accept
        ip saddr $allowed_ssh_hosts tcp dport $sshport ct state new accept
        ip saddr $sshclient tcp dport $httpport ct state new accept
        drop
    }
    chain output {
        hook NF_INET_LOCAL_OUT 0
        ct state related,established accept
        drop
    }
}
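
Added example, not part of the original mail and not nftables code: a Python sketch that rebuilds the seven "list:" segments and the printed { ... } line from the three "insert:" ranges in the output above. It assumes what that output shows, namely that the set is listed as adjacent segments covering 00000000 to ffffffff; the names segments, listing and contains are hypothetical.

```python
import bisect
import ipaddress

# Ranges copied from the "insert:" lines of the mail (inclusive bounds).
INSERTED = [
    (0xC0A80100, 0xC0A801FF),  # 192.168.1.0/24 ($localnet)
    (0x02020202, 0x02020202),  # 2.2.2.2 ($foo)
    (0xC0A83801, 0xC0A83801),  # 192.168.56.1 ($sshclient)
]
MAX_V4 = 0xFFFFFFFF


def segments(ranges):
    """Split 0..MAX_V4 into adjacent (lo, hi, is_member) segments.

    Assumes the inserted ranges do not overlap, as in the mail.
    """
    out, cursor = [], 0
    for lo, hi in sorted(ranges):
        if lo < cursor:
            raise ValueError("overlapping ranges")
        if lo > cursor:
            out.append((cursor, lo - 1, False))  # gap before this range
        out.append((lo, hi, True))
        cursor = hi + 1
    if cursor <= MAX_V4:
        out.append((cursor, MAX_V4, False))      # trailing gap
    return out


def listing(segs):
    """Lower bound of every segment, in the order of the { ... } line."""
    return [str(ipaddress.IPv4Address(lo)) for lo, _, _ in segs]


def contains(segs, addr):
    """Membership test: binary search on the segment lower bounds."""
    value = int(ipaddress.IPv4Address(addr))
    idx = bisect.bisect_right([lo for lo, _, _ in segs], value) - 1
    return segs[idx][2]


if __name__ == "__main__":
    segs = segments(INSERTED)
    for lo, hi, member in segs:
        print(f"list: [{lo:08x} {hi:08x}] {'member' if member else 'gap'}")
    print("{ " + ", ".join(listing(segs)) + " }")
```

With this decomposition, each address in the printed { ... } line equals the first value of one "list:" line, and only three of the seven segments are members that the "ip saddr $allowed_ssh_hosts" rule would match.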