Hi,

I found this conversation;
https://www.spinics.net/lists/netfilter/msg56947.html

It would be useful to have NET function as ipset has.

hash:net,net
hash:net,port,net
hash:net,iface
etc.

Thanks.

On 31-01-2018 10:25, hdemir wrote:
> Hi,
>
>
> I am trying to translate ipset to nftables; I could not add networks as
> below; How can I add block IP addresses to the set. Am I missing
> something? If not is it possible to add this function.
>
> -------------------------
> add table filter
> add set filter whitelist2 { type ipv4_addr . inet_proto . inet_service . ipv4_addr ;}
> add element filter whitelist2 { \
> 10.10.1.0/24 . tcp . 25 . 10.1.1.1 comment "test", \
> 10.1.1.0 . tcp . 2 . 1.1.1.1 comment "test2" \
> }
>
>
>
> # nft -c -f abcd
> abcd:4:30-30: Error: syntax error, unexpected ., expecting comma or '}'
> 10.10.1.0/24 . tcp . 25 . 10.1.1.1 comment "test", \
>
>
>
> There is no error message without this line;
> -------------------
> add table filter
> add set filter whitelist2 { type ipv4_addr . inet_proto . inet_service . ipv4_addr ;}
> add element filter whitelist2 { \
> 10.1.1.0 . tcp . 2 . 1.1.1.1 comment "test2" \
> }
>
> # nft -c -f abcd
> #
>
>
> Thanks.
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>