>> I had hoped to concatenate the nft rules for tcp/udp and dns/dhcp into
>> named sets. Are sets working with l4proto raw? e.g.
>> add table bridge filter set tuc { type inet_proto ; elements = { udp, tcp } }
>> add table bridge filter set dd { type inet_proto ; elements = { 53, 67 } }
>> add rule bridge filter input meta l4proto @tuc @th,16,16 @dd

> Yes, should work.

Looking forward to 0.3.8 becoming available on the Ubuntu repo, hopefully sooner than later.

> That evaluates "br0" for every packet making it into br0.
> What I mean with "bridge port" is a device that was enslaved
> to the bridge, e.g. eth0. It avoids filter overhead for devices that
> do not need filtering.

Thanks for the clarification, interesting concept.

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
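The two ideas in this exchange (named sets for the protocol and port match, and filtering on the enslaved bridge port rather than on br0) put together as one ruleset. This is an added example, not a ruleset from the thread; it assumes eth0 as a placeholder bridge port, types the port set as inet_service (the type nft expects for port numbers), and uses the later `th dport` shorthand in place of the raw `@th,16,16` expression.

```nft
# Added example: named sets referenced from a single bridge-family rule.
# Assumptions: eth0 is the enslaved bridge port (placeholder name);
# the port set is typed inet_service rather than inet_proto.
table bridge filter {
    # L4 protocols the rule applies to
    set tuc {
        type inet_proto
        elements = { tcp, udp }
    }
    # DNS and DHCP server ports
    set dd {
        type inet_service
        elements = { 53, 67 }
    }
    chain input {
        type filter hook input priority 0; policy accept;
        # Restrict to the bridge port so packets entering br0 from other
        # ports are not evaluated; count matches for visibility.
        iifname "eth0" meta l4proto @tuc th dport @dd counter accept
    }
}
```

Load it with `nft -c -f <file>` first to check the syntax without applying it, then without `-c` to install it.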