Akshat Kakkar <akshat.1984@xxxxxxxxx> wrote:
> Thanks for the info. nftables set infra lacks lot of things specially
> interfaces.

nft add set inet filter example '{ type ifname; }'
nft add set inet filter example '{ type iface_index; }'
nft add set inet filter example '{ type ifname . ifname ; }'
...

should all work. What is missing for your use case?

> Besides, I just don't want to develop new ipsets, but also
> want to extend its functionality so as to include rule decision,

That's virtually impossible due to the way xtables binary encoding works.
You could implement the ability to drop, but that's not really different
from the current -m ipset ... -j DROP.

>> natted ips, etc.

The original IPs are already stored in conntrack.
If you want to store NAT mappings: this is already implemented in nft set
infra.

What are you trying to do?