Re: nft snat with maps for port ranges?

Hi,

> Did you try?
>
> x.x.x.x:10000-10999,
> y.y.y.y:10000-10999,
> ....

If you mean:

meta l4proto tcp snat to jhash ip saddr mod 2 map {
  0 : IP1,
  1 : IP2
} : ip saddr map {
  10.1.1.1 : 10000-10999,
  10.1.1.2 : 10000-10999,
  ...
}

then yes, the error thrown is:
"Error: syntax error, unexpected -, expecting comma or '}'"


> Or port range as variable and set just for IPs
>
> nft .... saddr:$ports ...

Either I don't get what you're trying to suggest or it doesn't simplify
anything over iptables. I still need the same number of rules PLUS extra
variables (which could be replaced with inline expressions).

-- 
Best regards,
  Jacek Kowalski


