Hi,
On 9/26/19 1:52 PM, Fran Fitzpatrick wrote:
> I don't think this is possible with nftables. When you create a
> set/map, you need to give each element a type, so either `ipv4_addr`
> or `ipv6_addr`.
>
> If you do find out a way, please let me know, because I would also
> like to do it. :-)
>
> On Thu, Sep 26, 2019 at 4:31 AM Anton Rieger <rieger@xxxxxxxxx> wrote:
>>
>> Hi there,
>>
>> I'm trying to figure out the best way to apply a rule on a set of IP and IPv4 ranges.
>> My current workaround is to do the following:
>>
>> RULE jump customnet
>>
>> chain customnet {
>> ip saddr {192.0.2.0/24, 198.51.100.0/24} drop
>> ip6 saddr {2001:DB8:4::/48, 2001:DB8:7::/48} drop
>> }
>>
>>
>> I think it might be possible to do this somehow with maps and meta nfproto expressions.
>>
>> BTW:
>> It would be nice to have an ip4 alias to better match ip6/ip rules.
>> Also resetting the default address family might be useful.
>> For example I'm using more ip6 and inet than ip.
>>
>> Thank you,
>> Anton
Maybe it would be useful to implement a new inet_addr type that involves
ipv4 and ipv6 addresses. Pablo, do you think it would be feasible?
Thanks! :-)
