2016-10-12 8:19 GMT+02:00 Michal Kubecek <mkubecek@xxxxxxx>: > On Wed, Oct 12, 2016 at 12:17:24AM +0200, Bjørnar Ness wrote: >> >> Yeah, sortoff. But afaik rpfilter is a iptables module, and not >> available in nftables yet. >> >> Pablo: is the "lookup in routing table from nftables" a total waste of time? > > You may be interested in > > https://www.youtube.com/watch?v=wfWMPlZHQBk&t=19m40s Thanks, Michal, this is interesting, but not exactly what I am looking for. This fib module would as far as I can tell follow the routing from rules -> table -> decision, which will need both a src and dst address. What I want is to skip the rule matching, and check directly in a table, that way we only need a single address, and the following should potentially work from prerouting: ip saddr rt_table 10 drop comments? -- Bj(/)rnar -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
