Hello,
does anybody know if it's possible to use intervals inside of maps?
Pablo already pointed out that it is possible to use maps as follows to
handle rule processing more efficient:
nft add rule test myChain ip saddr . ip daddr vmap { 10.10.10.15 .
10.10.20.5 : accept, 10.10.10.1 . 10.10.20.1 : accept}
table ip test {
chain myChain {
ip saddr . ip daddr vmap { 10.10.10.15 . 10.10.20.5 : accept,
10.10.10.1 . 10.10.20.1 : accept}
}
}
If I try to use intervals in maps the same way, I receive the following
output:
root@fw:~# nft add rule test myChain ip saddr . ip daddr vmap {
10.10.10.0/24 . 10.10.20.0/24 : accept }
<cmdline>:1:64-64: Error: syntax error, unexpected ., expecting colon
add rule test myChain ip saddr . ip daddr vmap { 10.10.10.0/24 .
10.10.20.0/24 : accept }
^
I also tried to add a map using the flag interval which will be
converted into a set without a verdict like this:
root@fw:~# nft list ruleset
table ip test {
chain myChain {
}
}
root@fw:~# nft add map test myMap { type ipv4_addr . ipv4_addr : verdict
\; flags interval \; }
root@fw:~# nft list ruleset
table ip test {
set myMap {
type ipv4_addr . ipv4_addr
flags interval
}
chain myChain {
}
}
root@fw:~#
So I guess using intervals inside of maps is currently not supported, is
this correct?
Kind regards
Andreas
Attachment:
signature.asc
Description: OpenPGP digital signature
