Error: syntax error, unexpected th
add rule ipv4table k8s-filter-services ip protocol . ip daddr . th dport vmap @no-endpoints-services
^^
sbezverk@dev-ubuntu-1:mimic-filter$ sudo nft -v
nftables v0.9.1 (Headless Horseman)
Any clues? Am I using old version?
Thank you
Serguei
On 2019-12-18, 12:24 PM, "n0-1@xxxxxxxxxxxxx on behalf of Phil Sutter" <n0-1@xxxxxxxxxxxxx on behalf of phil@xxxxxx> wrote:
Hi Serguei,
On Wed, Dec 18, 2019 at 05:01:33PM +0000, Serguei Bezverkhi (sbezverk) wrote:
> I came across a situation when I need to match against L4 proto (tcp/udp), L3 daddr and L4 port(port value) with vmap.
>
> Vmap looks like this:
>
> map no-endpoints-services {
> type inet_proto . ipv4_addr . inet_service : verdict
> }
>
> I was wondering if somebody could come up with a single line rule with reference to that vmap.
Should work using th header expression:
| ip protocol . ip daddr . th dport vmap @no-endpoints-services
Cheers, Phil
