On Thu, Feb 01, 2018 at 11:03:35AM +0100, Arturo Borrero Gonzalez wrote: > On 1 February 2018 at 08:50, hdemir <hdemir@xxxxxxxxxxx> wrote: > > Hi, > > > > I found this conversation; > > > > https://www.spinics.net/lists/netfilter/msg56947.html > > > > It would be useful to have NET function as ipset has. > > > > > > Then, using that example: > > > hash:net,net > > % nft add rule tablename chainname ip saddr and 255.255.255.0 . ip > daddr and 255.255.255.0 vmap { 10.10.10.0 . 10.10.20.0 : accept } > > > hash:net,port,net > > % nft add rule tablename chainname ip saddr and 255.255.255.0 . tcp > dport . ip daddr and 255.255.255.0 vmap { 10.10.10.0 . 80 . 10.10.20.0 > : accept } > > > > hash:net,iface > > > > % nft add rule tablename chainname ip saddr and 255.255.255.0 . iif > vmap { 10.10.10.0 . eth0 : accept } > > Will add this to the nftables wiki [0]. Thanks Arturo! Sorry, I overlook your reply. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
