On 23.03.20 at 12:46, Pablo Neira Ayuso wrote:
> On Sun, Mar 22, 2020 at 05:36:47PM +0100, Reindl Harald wrote:
>>
>>
>> On 22.03.20 at 15:43, Frank Myhr wrote:
>>> nftables has its own concept of sets:
>>> https://wiki.nftables.org/wiki-nftables/index.php/Sets
>>>
>>> I don't know of a way to use ipset with nftables
>>
>> well, that's a showstopper for even considering a switch to nftables given
>> the amount of code maintaining ipsets from shell scripts *because* they
>> live outside of the ruleset
>
> Probably you can keep your set configuration in a separated file, e.g.

no, i spent hundreds to thousands of hours for a setup which runs
unaltered on a rsync clone within a nested ESXi for a 100% simulation
for autotests and there is way more magic than "put them in separated
files"

no way that i ever touch nftables when i have to do a full year of work
again and hopefully "iptables" stays for a long time

{LAN_BASE_IPV4} depends on a shell variable which depends on $HOSTNAME
and so on......

[root@firewall:/scripts/firewall]$ cat ipset_ADMIN_CLIENTS.txt
# Supported:
#  - Single IP (192.168.1.1)
#  - CIDR-Ranges (192.168.1.0/24)
#  - From-To (192.168.1.10-192.168.1.20)
#
# Substitution:
#  - {LAN_BASE_IPV4}
#  - {WAN_BASE_IPV4}
#  - {IPV6_PREFIX}
{LAN_BASE_IPV4}.244
{LAN_BASE_IPV4}.103
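
An added example, not part of the thread or of the poster's scripts: one way a template in the ipset_ADMIN_CLIENTS.txt format shown above could be rendered as an nftables named set kept in its own file, limited to IPv4. The table name "inet filter", the sample base values and the function names are assumptions; any entry that is not a valid address or range after substitution (an unexpanded placeholder, for instance) makes the render fail instead of producing a partial set.

```shell
#!/bin/sh
# Added example (not from the thread): ipset-style template -> nftables set.
# Constructed sample values; in the thread these derive from $HOSTNAME.
LAN_BASE_IPV4="${LAN_BASE_IPV4:-192.168.1}"
WAN_BASE_IPV4="${WAN_BASE_IPV4:-203.0.113}"

OCTET='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
IPV4="${OCTET}(\.${OCTET}){3}"
PREFIX='(3[0-2]|[12]?[0-9])'
# Single IP, CIDR range, or from-to range: the three forms the file supports.
ENTRY_RE="^${IPV4}(/${PREFIX}|-${IPV4})?\$"

# Drop comments and blank lines, expand placeholders, one entry per line.
expand_template() {
    sed -e 's/#.*$//' -e 's/[[:space:]]*$//' -e '/^$/d' \
        -e "s/{LAN_BASE_IPV4}/${LAN_BASE_IPV4}/g" \
        -e "s/{WAN_BASE_IPV4}/${WAN_BASE_IPV4}/g" "$1" | tr -s ' \t' '\n\n'
}

# $1 = set name, $2 = template file. Prints an nft set definition, or fails
# without output if any entry is not valid IPv4 after substitution.
render_nft_set() {
    entries=$(expand_template "$2") || return 1
    elements=""
    while IFS= read -r e; do
        [ -n "$e" ] || continue
        if ! printf '%s\n' "$e" | grep -Eq "$ENTRY_RE"; then
            echo "rejected entry '$e' in $2" >&2
            return 1
        fi
        elements="${elements:+$elements, }$e"
    done <<EOF
$entries
EOF
    [ -n "$elements" ] || return 1
    # "inet filter" is an assumed table name; "flags interval" is required
    # for CIDR and from-to elements.
    printf 'table inet filter {\n  set %s {\n    type ipv4_addr\n' "$1"
    printf '    flags interval\n    elements = { %s }\n  }\n}\n' "$elements"
}

# Demo on a constructed template in the thread's format.
tmpl=$(mktemp)
printf '# admin hosts\n{LAN_BASE_IPV4}.244\n{LAN_BASE_IPV4}.103\n' > "$tmpl"
render_nft_set ADMIN_CLIENTS "$tmpl"
rm -f "$tmpl"
```

The output can be written to a file and loaded with nft -f; because {IPV6_PREFIX} is deliberately not expanded here, a line using it is rejected rather than passed through.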