On 2020/03/22 09:40, Darius wrote:
Hi,

I can't find the way to make one rule matching packets with the same dport either on tcp or udp.

So far I have rules like this:

ip protocol tcp tcp dport 2000 counter accept
ip protocol udp udp dport 2000 counter accept

I would like to have one rule instead. I couldn't find the way to do it with intervals or maps because dport statement must go together with tcp or udp.

Hi Darius,

Please see:
https://www.mankier.com/8/nft#Payload_Expressions-Raw_Payload_Expression

and this very recent thread:
https://marc.info/?l=netfilter&m=158472251109859&w=2

Best regards,
Frank
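
The raw payload expression from the linked nft man page section, applied to the two rules in the question. This is an added example, not part of the original thread; the table name, chain name, hook and policy are assumptions, and only port 2000 and the two original rules come from the question.

```nft
#!/usr/sbin/nft -f
# Added example. Table and chain names, hook and policy are assumptions.

table ip example_filter {
    chain input {
        type filter hook input priority 0; policy accept;

        # Form from the question: one rule per transport protocol.
        # ip protocol tcp tcp dport 2000 counter accept
        # ip protocol udp udp dport 2000 counter accept

        # Single rule using a raw payload expression.
        # @th,16,16 reads 16 bits starting at bit offset 16 of the
        # transport header. In both TCP and UDP, bits 0-15 hold the
        # source port and bits 16-31 hold the destination port, so
        # the same offset works for either protocol.
        #
        # The "meta l4proto { tcp, udp }" match must stay in front:
        # a raw payload match has no knowledge of the protocol, and
        # without the restriction it would compare whatever bytes sit
        # at that offset in any other transport header.
        meta l4proto { tcp, udp } @th,16,16 2000 counter accept
    }
}
```

The table uses the `ip` family to keep the IPv4-only scope of the original `ip protocol` rules. After loading, `nft list ruleset` shows the rule as stored, and the single counter then covers both protocols.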