Serguei Bezverkhi (sbezverk) <sbezverk@xxxxxxxxx> wrote: > That was exactly what I thought about "-s !<ClusterCIDR>" when I saw Florian reply. I will use it for now in nft rules which nft kube-proxy builds for this specific case. I think that in ideal case, no rules would be generated on the fly, and that instead it should add/remove elements from nftables maps and sets.
