On 2020/03/09 15:14, Florian Westphal wrote:
Frank Myhr <fmyhr@xxxxxxxxxxx> wrote:
Is there a recommended way to test whether an element is a member of an
nftables set?
nft get element inet filter foo "{ 1.2.3.4 }"
Florian,
Fantastic! Just what I was looking for but didn't find in the man page.
Just searched wiki, found a reference to it here:
https://wiki.nftables.org/wiki-nftables/index.php/List_of_updates_since_Linux_kernel_3.13
So kernel >= 4.15 is needed. Debian buster or stretch-backports will do.
I tested, and it works properly for interval sets (at least with type
ipv4_addr, don't see why others would be different).
Thanks!
Frank
