Re: libnftnl adding element to a set of type ipv4_addr or ipv6_addr

Hi Phil,

Thanks for the answer. That's a very good idea. Today I saw the example sources of nftables using nft_run_cmd_from_buffer and I was wondering perhaps if I can use this function somehow. I will simplify my code a lot. It will not be necessary to build all code for my mini-firewall tool and I think the footprint will be reduced.

Thanks for the idea!

Cheers.

On 7/19/2023 12:53 PM, Phil Sutter wrote:
> Hi,
>
> On Tue, Jul 18, 2023 at 09:02:02PM +0200, Easynet wrote:
>> I'm building a small firewall daemon that it receives if an user is
>> authenticated and then is adding his IP in a set to be allowed for 24h.
>> I'm new in nftnl library and I started to read the documentation and
>> also the examples.
>>
>> Until now I was able to add in my daemon these tools based on libnftnl:
>>
>> - create / delete / get tables
>> - create / delete chains
>> - create / delete sets.
>>
>> Right now I'm facing an issue that I can't understand how to build the
>> nftnl packet for adding an element to my set, which has interval and
>> timeout flags.
> With libnftnl, source is documentation. Go check nftables code on how to
> use it. If you need a simpler interface to nftables, I highly recommend
> using libnftables instead. You'll either have to pass strings or use a
> JSON library for structured in- and output. For simple things such as
> adding an element to a set, it more or less boils down to:
>
> | struct nft_ctx *ctx = nft_ctx_new(NFT_CTX_DEFAULT);
> | nft_run_cmd_from_buffer(ctx, "add element mytable myset { 123 }");
> | nft_ctx_free(ctx);
>
> Cheers, Phil
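
An added example, not code from either poster or from the nftables project: because the libnftables route passes a string to the nft parser, a daemon that fills in a client's address should parse and canonicalize it first, so only an IPv4/IPv6 literal can reach `nft_run_cmd_from_buffer`. The function name `build_allow_cmd`, the `HAVE_LIBNFTABLES` build switch and the sample address are assumptions; `mytable`, `myset` and the 24h timeout come from the thread.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#ifdef HAVE_LIBNFTABLES            /* build with -DHAVE_LIBNFTABLES -lnftables */
#include <nftables/libnftables.h>
#endif

/* Hypothetical helper: writes "add element <table> <set> { <addr> timeout 24h }"
 * into out. addr is parsed with inet_pton() and re-printed with inet_ntop(), so
 * only a canonical address literal is placed in the command. table and set are
 * assumed to be trusted constants chosen by the daemon, never client input.
 * Returns 0 on success, -1 on an invalid address/family or a too-small buffer. */
int build_allow_cmd(char *out, size_t outlen, int family,
                    const char *table, const char *set, const char *addr)
{
    unsigned char bin[sizeof(struct in6_addr)];
    char canon[INET6_ADDRSTRLEN];
    int n;

    if (family != AF_INET && family != AF_INET6)
        return -1;
    if (inet_pton(family, addr, bin) != 1)      /* rejects trailing text, masks, names */
        return -1;
    if (!inet_ntop(family, bin, canon, sizeof(canon)))
        return -1;
    n = snprintf(out, outlen, "add element %s %s { %s timeout 24h }",
                 table, set, canon);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;   /* truncation is an error */
}

int main(void)
{
    char cmd[160];

    /* Constructed sample input: address reported for an authenticated user. */
    if (build_allow_cmd(cmd, sizeof(cmd), AF_INET, "mytable", "myset", "192.0.2.10"))
        return 1;
    puts(cmd);
#ifdef HAVE_LIBNFTABLES
    struct nft_ctx *ctx = nft_ctx_new(NFT_CTX_DEFAULT);
    int rc = ctx ? nft_run_cmd_from_buffer(ctx, cmd) : -1;   /* 0 on success */
    if (ctx)
        nft_ctx_free(ctx);
    return rc ? 1 : 0;
#else
    return 0;
#endif
}
```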



