On 23/09/2020 13:43, ѽ҉ᶬḳ℠ wrote:
Would it be possible to generate a set in 'table inet' based on 'saddr ct state invalid drop' and then utilise the same set in a 'table netdev rule', for offending saddr getting blocked early?
Tried some variations but none worked out and thus it seems deployment of sets across families is not supported. Though I reckon it would be a beneficial feature:
* mitigate repetition of same sets that are applicable for different families
* gather set data in one family, e.g. offenders' saddr from inet, and deploy such set in a rule in a different family, e.g. in netdev for blocking such offenders early on