ѽ҉ᶬḳ℠ <vtol@xxxxxxx> wrote:
> > nft describe meta iif
> > meta expression, datatype iface_index
> >
> > So, can you try 'type iface_index'?
>
> Yes, that works for the set creation but not with the rule. The set
> syntax reads now
>
> set brdg {
> type iface_index
> elements = { br0, br1, br2 , br3 }
> flags constant
> size 4
> }
Looks good.
> /etc/fw/meter:11:14-18: Error: Set 'brdg' does not exist
> meta iifname @brdg
> ^^^
Looks bad.
> changed the name of the set but no dice. Tried the following variations
> in the rule but ending up with the same error
>
> meta iifname @brdg
> meta iif ne @brdg
> iifname ne @brdg
> iif ne @brdg
nft thinkts the set doesn't exit, I can't reproduce it here.
sets are scoped to the table they live in, are you perhaps creating this
set in e.g. table x and try to use it in table y?
meta iif ne @brdg should work.
Its same as meta iif ne { br0, br1, br2 , br3 }
except in your version you can reference it by name so you
don't have to repeat the anonymous set in case you need it
in several rules.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
