On Tue, Sep 27, 2016 at 05:10:45PM +0200, Martin Bednar wrote:
> hi,
>
> using nftables, I want to create a vmap :
>
> map mymap {type ipv4_addr . iface_index : verdict }
>
> I'd like the first argument to be an ip range/ network, so that I can add like
> so :
> nft add element inet filter mymap { 172.18.0.1/24 . eth0 : accept }
>
> nft add element inet filter mymap { 172.18.0.1-172.18.0.255 . eth0 : accept }
>
> Any hints as to what to do it?
nft add table inet filter
nft add map inet filter mymap { type ipv4_addr . iface_index : verdict \; }
nft add element inet filter mymap { 172.18.0.0 . eth0 : accept }
nft add rule inet filter forward ip saddr and 255.255.255.0 . iif vmap @mymap
^^^^^^^^^^^^^^^^^^^^^^^^^^
The idea here is to mask the address, then add to the set the result
of this operation, thus, 172.18.0.0
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
