On 1 February 2018 at 08:50, hdemir <hdemir@xxxxxxxxxxx> wrote: > Hi, > > I found this conversation; > > https://www.spinics.net/lists/netfilter/msg56947.html > > It would be useful to have NET function as ipset has. > > Then, using that example: > hash:net,net % nft add rule tablename chainname ip saddr and 255.255.255.0 . ip daddr and 255.255.255.0 vmap { 10.10.10.0 . 10.10.20.0 : accept } > hash:net,port,net % nft add rule tablename chainname ip saddr and 255.255.255.0 . tcp dport . ip daddr and 255.255.255.0 vmap { 10.10.10.0 . 80 . 10.10.20.0 : accept } > hash:net,iface > % nft add rule tablename chainname ip saddr and 255.255.255.0 . iif vmap { 10.10.10.0 . eth0 : accept } Will add this to the nftables wiki [0]. [0] https://wiki.nftables.org/wiki-nftables/index.php/Concatenations#Examples -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
