Re: nft named set address types

On Mon, 15 Nov 2021 11:40:43 -0600
Matt Zagrabelny <mzagrabe@xxxxxxxxx> wrote:

> I see there is an icmpx for reject packets. Is there something
> equivalent for destination packets?
> 
> I've tried:
> 
> table inet filter {
>     chain icmp_ipv4 {
>         ip  saddr $icmp_networks_ipv4 accept
>     }
> 
>     chain icmp_ipv6 {
>         ip6 saddr $icmp_networks_ipv6 accept
>     }
> 
>     chain input {
>         meta protocol {icmp, icmpv6} vmap {
>             icmp: jump icmp_ipv4,
>             icmpv6: jump icmp_ipv6,
>         }
>     }
> }

This is definitely nonsensical syntax. Try "meta protocol vmap" instead.

-- 
Kerin Millar
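
An added example, not taken from either poster's message: a loadable ruleset in which a single `meta protocol vmap` statement, as suggested in the reply, dispatches to the per-family chains. The named sets and their contents (documentation ranges plus link-local), the base-chain hook line and the `meta l4proto` matches are assumptions made for illustration.

```nftables
# Constructed example: addresses are documentation ranges, not real networks.
table inet filter {
    # A named set holds one address type, so each family gets its own set.
    set icmp_networks_ipv4 {
        type ipv4_addr
        flags interval
        elements = { 192.0.2.0/24, 198.51.100.0/24 }
    }

    set icmp_networks_ipv6 {
        type ipv6_addr
        flags interval
        # fe80::/10 is listed because neighbour discovery is ICMPv6 and is
        # normally sourced from link-local addresses.
        elements = { 2001:db8::/32, fe80::/10 }
    }

    chain icmp_ipv4 {
        # Only ICMP from the listed networks is accepted here; anything
        # else returns to the calling chain.
        meta l4proto icmp ip saddr @icmp_networks_ipv4 accept
    }

    chain icmp_ipv6 {
        meta l4proto ipv6-icmp ip6 saddr @icmp_networks_ipv6 accept
    }

    chain input {
        type filter hook input priority 0; policy drop;

        ct state established,related accept
        iif "lo" accept

        # "meta protocol" yields the layer 3 protocol, so the map keys are
        # ip and ip6. The vmap statement takes its map directly, with no
        # set of values between the selector and the vmap keyword.
        meta protocol vmap {
            ip  : jump icmp_ipv4,
            ip6 : jump icmp_ipv6
        }
    }
}
```

The file can be syntax-checked without loading it by running `nft -c -f` on it.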


