Re: How to concatenate subnet with port in a set?


 



On 2021/03/16 11:34, etkaar wrote:
Hello!
I am currently using <nftables v0.9.0 (Fearless Fosdick)> on Debian 10 (Buster). For a whitelist, I thought about a set like this:
1> set whitelist_ipv4_tcp {
2>     type inet_service . ipv4_addr
3>     elements = {
4>      22 . 255.255.255.255,
5>      22 . 255.255.255.0/24
6>     }
7> }
You can see that on line 5 I used a port concatenated with an IPv4 subnet. Unfortunately, this will not work. I could use subnets, but only as a simple unconcatenated set.
My question is: When will it be possible to concatenate subnets with different types such as inet_service (= port) in sets? Or is it already possible in a newer version than 0.9.0?

Hi Etkaar,

https://marc.info/?l=netfilter&m=158575148505527&w=2

nftables 0.9.4 / Linux kernel 5.6 added support for ranges in concatenations.

Best Wishes,
Frank
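
Added example, not part of either message: a ruleset using the concatenated set with a subnet element, as it can be written once the versions named in the reply (nftables 0.9.4 / Linux kernel 5.6) are available. The table and chain layout and the addresses (RFC 5737 documentation ranges) are constructed for illustration.

```nft
# Constructed example: port . subnet whitelist for inbound TCP.
table inet filter {
    set whitelist_ipv4_tcp {
        type inet_service . ipv4_addr
        # Required for prefix/range elements in a set; without it,
        # an element such as 198.51.100.0/24 is rejected.
        flags interval
        elements = {
            22 . 192.0.2.10,        # single host
            22 . 198.51.100.0/24    # whole subnet
        }
    }

    chain input {
        type filter hook input priority 0; policy drop;

        # Keep existing sessions and loopback traffic working.
        ct state established,related accept
        iif "lo" accept

        # The field order in the match must follow the set's type order:
        # inet_service first, then ipv4_addr.
        tcp dport . ip saddr @whitelist_ipv4_tcp accept
    }
}
```

Running `nft -c -f <file>` parses and validates the ruleset without applying it, which is a safe way to test a `policy drop` chain before loading it on a remote host.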


