So I currently see no way of doing this. But I figured I'd just write out to verify. Is there anyway to have a statement "evaluated" for each packet? https://wiki.nftables.org/wiki-nftables/index.php/Load_balancing shows the use of: % nft add rule nat prerouting dnat to numgen inc mod 2 map { \ 0 : 192.168.10.100, \ 1 : 192.168.20.200 } which is great, to be able to generate a random number and use that to find one of X items from the Map. What would be really nice is if there was some way you could do: % nft add rule nat prerouting dnat to 192.168.10.(100+numgen inc mod 20) which would then do the same type of mapping as before, but going from 192.168.10.100-192.168.10.120, without needing to create a map and iterate through every value. Being able to do simple math in there as well, you could have 100+2*(numgen inc mod 20) or whatever to have it skip every two. or 2000:2000:A356::( numgen inc mod 65,536).ToHex() to have it generate an IPv6 address in that /64 block randomly. The ToHex() is just something I put out there, I figure there would be some way to write it in hex, or write the IPv6 address as a double, that could be accepted. I know this is a very niche situation, and not something supported, but just thought I'd bring it up.
