Replying to myself...
On Mon, Nov 1, 2021 at 3:46 PM Matt Zagrabelny <mzagrabe@xxxxxxxxx> wrote:
>
> Hello,
>
> I'd like to use the "inet" address family in a named set. I see nft
> supports the following address families [AF] (among others):
>
> ip IPv4 address family.
>
> ip6 IPv6 address family.
>
> inet Internet (IPv4/IPv6) address
> family.
I'm not sure nftables even would allow an "inet" to be used in a rule such as:
table inet filter {
chain input {
inet saddr { 127.0.0.1, ::1 } tcp dport 22 accept
}
}
Instead, it seems I must do:
table inet filter {
chain input {
ip saddr 127.0.0.1 tcp dport 22 accept
ip6 saddr ::1 tcp dport 22 accept
}
}
Why does inet not work in the way I am expecting it to?
Thanks for any answers!
-m
