On 15/11/2021 18:40, Matt Zagrabelny wrote:
> I've tried:
>
> table inet filter {
> chain icmp_ipv4 {
> ip saddr $icmp_networks_ipv4 accept
> }
>
> chain icmp_ipv6 {
> ip6 saddr $icmp_networks_ipv6 accept
> }
>
> chain input {
> meta protocol {icmp, icmpv6} vmap {
> icmp: jump icmp_ipv4,
> icmpv6: jump icmp_ipv6,
> }
> }
> }
This is simply incorrect syntax. You need it like this, I believe:
<value> `vmap` {map with verdicts}
e.g.
table inet testfilter {
chain icmp_ipv4 {
accept
}
chain icmp_ipv6 {
accept
}
chain input {
meta protocol vmap {
icmp: jump icmp_ipv4,
icmpv6: jump icmp_ipv6,
}
}
}
Regards,
Eugene
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
