On Tuesday, September 27, 2016 9:11:01 PM CEST Pablo Neira Ayuso wrote:
>
> nft add table inet filter
> nft add map inet filter mymap { type ipv4_addr . iface_index : verdict \; }
> nft add element inet filter mymap { 172.18.0.0 . eth0 : accept }
> nft add rule inet filter forward ip saddr and 255.255.255.0 . iif vmap @mymap
>                                  ^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> The idea here is to mask the address, then add to the set the result
> of this operation, thus, 172.18.0.0

Very cool trick... Thanks. This solves 90% of what I want :)

This however implies the same mask for all networks, right?
Is it somehow possible to have one vmap for networks with different masks?

Thanks.
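A small Python model of the masked lookup described in the quoted message, added here as an example and not part of the original thread. It shows which source addresses reach the map key once the rule's single mask is applied. The 10.0.0.0 / eth1 element, the function names, and the use of interface names in place of interface indexes are assumptions made for illustration.

```python
import ipaddress

# Model of the quoted rule:
#   ip saddr and 255.255.255.0 . iif vmap @mymap
# The mask is a constant in the rule, applied before every lookup.
RULE_MASK = int(ipaddress.IPv4Address("255.255.255.0"))

# Map elements are exact (address, interface) keys, as in
#   nft add element inet filter mymap { 172.18.0.0 . eth0 : accept }
# The second element is constructed: it stands for a network the
# administrator thinks of as 10.0.0.0/16.
MYMAP = {
    (ipaddress.IPv4Address("172.18.0.0"), "eth0"): "accept",
    (ipaddress.IPv4Address("10.0.0.0"), "eth1"): "accept",
}


def vmap_lookup(saddr, iif, mask=RULE_MASK, table=MYMAP):
    """Mask the source address, then do an exact lookup on the
    concatenated key. None means no element matched, in which case
    nftables just continues with the next rule."""
    masked = ipaddress.IPv4Address(int(ipaddress.IPv4Address(saddr)) & mask)
    return table.get((masked, iif))


def unreachable_elements(mask=RULE_MASK, table=MYMAP):
    """Elements with address bits set outside the rule mask can never
    equal a masked address, so they are dead entries worth flagging
    when auditing a ruleset."""
    return [key for key in table if int(key[0]) & ~mask & 0xFFFFFFFF]


if __name__ == "__main__":
    for saddr, iif in [
        ("172.18.0.55", "eth0"),   # inside 172.18.0.0/24 on eth0
        ("172.18.0.55", "eth1"),   # right network, wrong interface
        ("172.18.1.55", "eth0"),   # neighbouring /24
        ("10.0.0.9", "eth1"),      # first /24 of the intended /16
        ("10.0.5.9", "eth1"),      # rest of the intended /16
    ]:
        print(f"{saddr:>12} iif {iif}: {vmap_lookup(saddr, iif)}")
    print("unreachable:", unreachable_elements())
```
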