Hi,
> Did you try?
>
> x.x.x.x:10000-10999,
> y.y.y.y:10000-10999,
> ....
If you mean:
meta l4proto tcp snat to jhash ip saddr mod 2 map {
0 : IP1,
1 : IP2
} : ip saddr map {
10.1.1.1 : 10000-10999,
10.1.1.2 : 10000-10999,
...
}
then yes, the error thrown is:
"Error: syntax error, unexpected -, expecting comma or '}'"
> Or port range as variable and set just for IPs
>
> nft .... saddr:$ports ...
Either I don't get what you're trying to suggest or it doesn't simplify
anything over iptables. I still need the same number of rules PLUS extra
variables (which could be replaced with inline expressions).
--
Best regards,
Jacek Kowalski
