On 13/05/2020 18:40, Іван Щербей wrote:
Hi all
I have a question about "SET".
I read this block on the manpage:
Using anonymous sets to accept particular subnets and ports.
nft add rule filter input ip saddr { 10.0.0.0/8, 192.168.0.0/16 } tcp dport { 22, 443 } accept
Named sets are sets that need to be defined first before they can be referenced in rules. Unlike anonymous sets, elements can be added to or removed from a named set at any time. Sets are referenced from rules using an @ prefixed to the set's name.
Using named sets to accept addresses and ports.
nft add rule filter input ip saddr @allowed_hosts tcp dport @allowed_ports accept
But I can't use networks as elements in a set, because only ipv4_addr or
ipv6_addr types are supported.
For named sets, ensure that the "interval" flag is present. See the
discussion that occurred in the following bug:
https://bugzilla.netfilter.org/show_bug.cgi?id=1380
--
Kerin Millar
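As an added illustration of the reply above (example ruleset written for this page, not taken from the nftables manpage or the bug report), this is what a named set holding subnets looks like once "flags interval" is present. The table name "inet filter", the chain with a default-drop policy and the conntrack/loopback rules are assumptions for a typical allow-list setup; the set names and element values are the ones from the quoted question.

```nft
# Added example, not from the original message.
# A named set of type ipv4_addr only takes single addresses unless the
# "interval" flag is set; with it, prefixes such as 10.0.0.0/8 are accepted.
table inet filter {
    set allowed_hosts {
        type ipv4_addr
        flags interval
        elements = { 10.0.0.0/8, 192.168.0.0/16 }
    }

    set allowed_ports {
        type inet_service
        elements = { 22, 443 }
    }

    chain input {
        type filter hook input priority 0; policy drop;   # assumed default-drop allow-list
        ct state established,related accept
        iif "lo" accept
        ip saddr @allowed_hosts tcp dport @allowed_ports accept
    }
}
```

Save it as a file and validate it without loading using `nft -c -f allowlist.nft`; drop the `-c` to apply it. Because the set is named, its contents can be changed at runtime without touching the rule, for example `nft add element inet filter allowed_hosts { 172.16.0.0/12 }` or `nft delete element inet filter allowed_hosts { 192.168.0.0/16 }`, and `nft list set inet filter allowed_hosts` shows the current members. Removing the `flags interval` line and re-running the check command reproduces the error the question describes.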