On 3 November 2017 at 15:39, Tomas Mudrunka <mudrunka@xxxxxxxxx> wrote:
> Hello,
> I'd like to drop all traffic that is related to an address. Is there a way to
> merge these two rules:
>
> nft add rule ip filter output ip daddr 1.2.3.4 counter drop
> nft add rule ip filter output ip saddr 1.2.3.4 counter drop
>
> to a single rule like this:
>
> nft add rule ip filter output ip addr 1.2.3.4 counter drop
>
> I think this would be quite useful to simplify my rule set, especially when
> handling a vast amount of addresses.
>

The amount of addresses should be no problem since you can use native sets:

add rule ip filter output ip saddr @badips counter drop
add rule ip filter output ip daddr @badips counter drop
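
The set-based approach from the reply, written out as a complete ruleset file. This is an added example, not part of the original thread: the set elements are constructed documentation addresses, and the chain's hook, priority and policy are assumptions.

```nft
# badips.nft: added example, load with `nft -f badips.nft`
table ip filter {
    # Named set referenced by the rules as @badips.
    # "flags interval" lets the set hold prefixes as well as single hosts.
    set badips {
        type ipv4_addr
        flags interval
        # Constructed sample entries (RFC 5737 documentation ranges).
        elements = { 192.0.2.10, 198.51.100.0/24 }
    }

    chain output {
        # Assumed base chain definition; adjust to the existing chain.
        type filter hook output priority 0; policy accept;

        # The two rules from the reply. The rule count stays at two
        # no matter how many addresses the set contains.
        ip saddr @badips counter drop
        ip daddr @badips counter drop
    }
}
```

Running `nft -c -f badips.nft` parses the file without applying it. Addresses can later be added to the live set with `nft add element ip filter badips { 203.0.113.7 }` without touching the rules.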