Am 20.05.22 um 13:04 schrieb Andrew Clark:
But, probably not like this
nft add rule ip filter output ip daddr != {@akamai, @stromwall} accept
In such a scenario I would suggest a new chain from which you return
with multiple rules in case the IPs match against the sets. The last
rule of the chain then redirects to the Tor network.
Regards
--
Robert Sander
Heinlein Consulting GmbH
Schwedter Str. 8/9b, 10119 Berlin
http://www.heinlein-support.de
Tel: 030 / 405051-43
Fax: 030 / 405051-19
Zwangsangaben lt. §35a GmbHG:
HRB 220009 B / Amtsgericht Berlin-Charlottenburg,
Geschäftsführer: Peer Heinlein -- Sitz: Berlin
