I'm doing many port forwarding service on a linux server. There will
be many(may thousands of) port forward rule so I want to use nftables
map to improve performance rather than just many rules.
the policy will be [protocol : port -> address : port], like [tcp 1234
-> 1.1.1.1:4321], forward tcp 1234 port to address 1.1.1.1 same
protocol port 4321.
the protocol may only tcp and udp. so it's also ok if the key can
support only one port field. i can set maps and rules for each
protocol.
the problem is, how to define the value "ip:port" using map?
I tried create 2 maps, using
> nft add map nat forward_address {type inet_service : ipv4_addr \;}
> nft add map nat forward_port {type inet_service : inet_service \;}
but then I don't know how to set dnat rule....... seems the dnat
destnation can only accept one map value? and also i don't know how to
set "ip:port" as one value in map.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
