Great, Frank, that helps! I had another idea of marking tcp and udp packets with the same mark in prerouting and then using the mark in the rule. Any downsides with this solution compared to the payload expression?

Regards.

> On March 22, 2020 3:17 PM Frank Myhr <fmyhr@xxxxxxxxxxx> wrote:
>
>
> On 2020/03/22 09:40, Darius wrote:
> > Hi, I can't find the way to make one rule matching packets with the
> > same dport either on tcp or udp. So far I have rules like this:
> >
> > ip protocol tcp tcp dport 2000 counter accept
> > ip protocol udp udp dport 2000 counter accept
> >
> > I would like to have one rule instead. I couldn't find the way to do
> > it with intervals or maps because dport statement must go together
> > with tcp or udp.
>
> Hi Darius,
>
> Please see:
> https://www.mankier.com/8/nft#Payload_Expressions-Raw_Payload_Expression
>
> and this very recent thread:
> https://marc.info/?l=netfilter&m=158472251109859&w=2
>
> Best regards,
> Frank