Re: Banning IP addresses with extended timeout

On 06/04/2019 22:13, Florian Westphal wrote:
> Should work:
> 
> table inet filter {
> 	set test {
> 		type ipv4_addr
> 		size 65535
> 		timeout 1h
> 	}
> 
> 	chain input {
> 		type filter hook input priority filter; policy accept;
> 		ip saddr @test update @test { ip saddr timeout 1d } drop
> 		meta iif not "lo" tcp dport { 25, 80, 443 } add @test { ip saddr } drop
> 	}
> }
> 

I had to use *!=* instead of *not*. Other than that it works nicely.
