Yes, that's what I want. Thank you very much.

Wed, 13 May 2020 at 21:39, <kfm@xxxxxxxxxxxxx>:
>
> On 13/05/2020 18:40, Іван Щербей wrote:
> > Hi all
> >
> > I have a question about "SET"
> >
> > I read this block on the manpage:
> >>
> >> Using anonymous sets to accept particular subnets and ports.
> >>
> >>
> >> nft add rule filter input ip saddr { 10.0.0.0/8, 192.168.0.0/16 } tcp dport { 22, 443 } accept
> >>
> >> Named sets are sets that need to be defined first before they can be referenced in rules. Unlike anonymous sets, elements can be added to or removed from a named set at any time. Sets are referenced from rules using an @ prefixed to the set's name.
> >>
> >> Using named sets to accept addresses and ports.
> >>
> >>
> >> nft add rule filter input ip saddr @allowed_hosts tcp dport @allowed_ports accept
> >
> >
> > But I can't use networks as elements in a set, because only ipv4_addr or
> > ipv6_addr types are supported.
>
> For named sets, ensure that the "interval" flag is present. See the
> discussion that occurred in the following bug:
>
> https://bugzilla.netfilter.org/show_bug.cgi?id=1380
>
> --
> Kerin Millar
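
Added example (not part of the thread or the manpage): the named-set form of the quoted rule written as an nftables ruleset file, with the interval flag that lets allowed_hosts hold subnets. The table and chain layout, the drop policy and the two housekeeping rules are assumptions; the set names and their elements come from the quoted manpage text.

```nftables
#!/usr/sbin/nft -f
# Added example. Assumed layout: one "ip filter" table with an input chain.

table ip filter {
    # The element type stays ipv4_addr. What allows prefixes and ranges
    # as elements is the interval flag, not a different type.
    set allowed_hosts {
        type ipv4_addr
        flags interval
        elements = { 10.0.0.0/8, 192.168.0.0/16 }
    }

    # Ports are single values here, so no interval flag is needed.
    set allowed_ports {
        type inet_service
        elements = { 22, 443 }
    }

    chain input {
        type filter hook input priority 0; policy drop;

        # Assumed housekeeping so replies and loopback keep working.
        ct state established,related accept
        iif "lo" accept

        # The rule from the manpage excerpt, referencing both named sets.
        ip saddr @allowed_hosts tcp dport @allowed_ports accept
    }
}

# Named sets can be changed without touching the rule, for example:
#   nft add element ip filter allowed_hosts { 172.16.0.0/12 }
#   nft delete element ip filter allowed_hosts { 192.168.0.0/16 }
# If "flags interval" is left out of allowed_hosts, prefix elements such
# as 10.0.0.0/8 are rejected and only single addresses can be stored.
```

Running `nft -c -f` on the file checks it without applying it, and `nft list set ip filter allowed_hosts` shows the set with its flags after loading.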