>> * Is there some way to view the name-to-port mappings exposed by
>> inet_service, aside from digging around in source code?
>
> # nft describe tcp dport
> [...]

Perfect. Thanks!

>> * Is there some way to provide insert custom name-to-port mappings
>> into the inet_service lookup table? Or is this a terrible, horrible,
>> no-good idea?
>
> There is not, but probably you want to define a variable for this
> instead in your ruleset.

Variables are definitely a better way to handle things. For the record,
and in case someone else googles their way to this archived conversation,
I consulted with the nftables wiki scripting page, [1] and wrote some
variables like this:

    define ssh_srv1 = 30022
    define syncthing_core_user1 = 22000
    define syncthing_core_user2 = 22001

    define services_srv1 = { $ssh_srv1, $syncthing_core_user1, $syncthing_core_user2, http, https }

[1] https://wiki.nftables.org/wiki-nftables/index.php/Scripting
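
How variables like the ones in this message can be consumed by a rule, as an added example that is not part of the original post. The table and chain names, the drop policy and the conntrack/loopback rules are assumptions; the port numbers and variable names are the ones quoted in the message.

```nftables
# Added example: symbolic variables standing in for custom service names.
# The "define" lines repeat the values from the message above.
define ssh_srv1 = 30022
define syncthing_core_user1 = 22000
define syncthing_core_user2 = 22001

# A variable may hold a set and may reference other variables.
# http and https are resolved through the inet_service symbol table
# once the variable is used in a "tcp dport" context.
define services_srv1 = {
    $ssh_srv1,
    $syncthing_core_user1,
    $syncthing_core_user2,
    http,
    https
}

# Assumed table/chain layout: default-deny inbound filter.
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # Keep replies to existing connections and local traffic working.
        ct state established,related accept
        iifname "lo" accept

        # Only the named services are reachable; everything else
        # falls through to the drop policy.
        tcp dport $services_srv1 accept
    }
}
```

Running `nft -c -f` on the file parses and validates it without applying anything, which catches a misspelled variable or an unknown service name before the ruleset is loaded.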