On Wed, Sep 02, 2015 at 10:17:12AM +0100, Alex Chapman wrote:
> Hi,
>
> Are multi-dimensional dictionaries supported in nftables? For example:
>
> nft add rule ip filter forward meta iifname . meta oifname { \ eth0 . eth1 : jump chain \ }
Currently we don't support oifname and oifname, the utility complains
since it's a variable length datatype. But I think we can fix this by
using the maximum length.
Anyway, meanwhile you can use iif and oif for device whose device
index is not expected to change.
So this is how what you need looks like:
nft add rule ip filter forward \
meta iif . meta oif vmap { eth0 . eth1 : jump test-chain }
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
