>> But
>> then I do not see how with the sets type strings available |ipv4_addr,
>> ipv6_addr, ether_addr, inet_proto, inet_service, mark|.
>> Say I want to construct this set
>>
>> set lan {
>>     type iif
>>     elements = { lo, br0, br1 , br2, br3 }
>> }
>>
>> and subsequent rule with |meta iif ne @lan|
> It's the same as
>
> meta iif { lo, br0, br1, br2, br3 }
>
> except that the 'named set' (@lan) can be added or removed to later.

Not sure whether I am misunderstanding something but |type iif| as stated in the above set syntax is not working - when trying to deploy it this error is thrown

/etc/fw/sets:14:7-13: Error: set definition does not specify key
set lan {
^^^

> but lo is not needed here because your rule handle 6 already accepts all
> packets coming in via loopback.

Thank you for the pointer, apparently I missed the logic already in place.
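
The following is an added example, not part of the original thread and not the poster's ruleset: a named interface set declared with nftables' interface datatypes (`ifname` for `iifname`, `iface_index` for `iif`) instead of `type iif`. It assumes an nftables release that provides both datatypes; the table name, chain, second set name `lan_idx` and the `drop` verdict are hypothetical, and the interface names are the ones from the post.

```nftables
# Added illustration; table/chain names and the drop verdict are assumptions.
table inet filter {
    # Keyed on interface NAME: compared as a string for each packet, so the
    # set loads even if br3 does not exist yet and keeps matching after an
    # interface is deleted and re-created.
    set lan {
        type ifname
        elements = { "lo", "br0", "br1", "br2", "br3" }
    }

    # Keyed on interface INDEX: names are resolved to indexes when the
    # ruleset is loaded, so every listed interface must already exist,
    # and a re-created interface gets a new index that is not in the set.
    set lan_idx {
        type iface_index
        elements = { "lo", "br0", "br1", "br2", "br3" }
    }

    chain input {
        type filter hook input priority 0; policy accept;

        # Pair each set with the meta key of the same datatype.
        iifname != @lan counter drop
        # Index-based alternative:
        # meta iif != @lan_idx counter drop
    }
}
```

A file like this can be syntax-checked without touching the live ruleset using `nft -c -f <file>`.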