On 2 July 2014 06:44, Jonathan Johnson <ecybernard@xxxxxxxxx> wrote:
> I tried to implement the syntax above with no luck. I have no idea
> what I am supposed to do, and I am blindly stabbing around with trial
> and error trying to figure this out. Why don't you just provide me
> with a complete example and make it easy for me? All the examples I
> find are broken, wrong, or incomplete.
>

Well, I just successfully tested this:

nft add table blackhole

nft list table blackhole
table ip blackhole {
}

nft add set blackhole set1 { type ipv4_addr\; }

nft list table blackhole
table ip blackhole {
        set set1 {
                type ipv4_addr
        }
}

nft add element blackhole set1 {1.1.1.1, 2.2.2.2, 3.3.3.3}

nft list table blackhole -nnn
table ip blackhole {
        set set1 {
                type ipv4_addr
                elements = { 3.3.3.3, 2.2.2.2, 1.1.1.1}
        }
}

nft add chain blackhole chain1

nft list table blackhole -nnn
table ip blackhole {
        set set1 {
                type ipv4_addr
                elements = { 3.3.3.3, 2.2.2.2, 1.1.1.1}
        }

        chain chain1 {
        }
}

nft add rule blackhole chain1 ip saddr @set1 counter accept

nft list table blackhole -nnn
table ip blackhole {
        set set1 {
                type ipv4_addr
                elements = { 3.3.3.3, 2.2.2.2, 1.1.1.1}
        }

        chain chain1 {
                ip saddr @set1 counter packets 0 bytes 0 accept
        }
}

-- 
Arturo Borrero González
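
The same table, set and chain written as one file for nft -f and generated from an address list, as an added example that is not part of the message above. The function names valid_ipv4 and render_ruleset are hypothetical; chain1 stays a regular chain as in the message, so it only sees packets once a base chain jumps to it.

```shell
# Added example, not from the original message: build an nft -f file for the
# blackhole/set1/chain1 objects above from an address list, validating input.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # only digits and single dots
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac   # no leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# render_ruleset: read one address per line on stdin ('#' comments and blank
# lines are ignored) and print the ruleset on stdout. Any invalid line aborts
# with status 1 before anything is printed, so bad input never reaches nft.
render_ruleset() {
    elements=''
    while IFS= read -r line || [ -n "$line" ]; do
        addr=$(printf '%s\n' "${line%%#*}" |
               sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$addr" ] || continue
        if ! valid_ipv4 "$addr"; then
            echo "rejected: $line" >&2
            return 1
        fi
        case ", $elements," in
            *", $addr,"*) ;;                                  # duplicate, skip
            *) elements="${elements:+$elements, }$addr" ;;
        esac
    done
    [ -n "$elements" ] || { echo "no addresses given" >&2; return 1; }
    cat <<EOF
table ip blackhole {
    set set1 {
        type ipv4_addr
        elements = { $elements }
    }
    chain chain1 {
        ip saddr @set1 counter accept
    }
}
EOF
}
```

Usage: render_ruleset < addrs.txt > blackhole.nft && nft -f blackhole.nft (both file names are placeholders); nft -f applies the whole file as one transaction.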