Hi all
I have question about "SET"
I read this block on manpage:
>
> Using anonymous sets to accept particular subnets and ports.
>
>
> nft add rule filter input ip saddr { 10.0.0.0/8, 192.168.0.0/16 } tcp dport { 22, 443 } accept
>
> Named sets are sets that need to be defined first before they can be referenced in rules. Unlike anonymous sets, elements can be added to or removed from a named set at any time. Sets are referenced from rules using an @ prefixed to the sets name.
>
> Using named sets to accept addresses and ports.
>
>
> nft add rule filter input ip saddr @allowed_hosts tcp dport @allowed_ports accept
But i can't use network how elements in set. because only ipv4_addr or
ipv6_addr types are supported.
How can I do it in other way?
I need to check large lists of networks ( more than 40k in one list )
I used to do this with ipset:
Example:
create net_allow hash:net family inet hashsize 1024 maxelem 65536
add net_allow X.X.X.X/X
I am trying this with "vmap".but it doesn’t look very easy and I need
to use "jump" in rules
Regards
Ivan
P.S. Sorry for my English
