Then, this:

table inet filter {
        map forward_udp.lan {
                type ipv6_addr . inet_service : interval ipv6_addr . inet_service
                flags interval
                elements = { 2001:db8::1 . 20000-24999 : 2001:db8:16e:10::ffee . 20000-24999 }
        }

        chain y {
                ip6 daddr . udp dport @forward_udp.lan
        }
}

Note that you require a Linux kernel >= 6.4 which contains this fix:

commit a4878eeae39048e6abe85891c714b49dc13fc08c
Author: Florian Westphal <fw@xxxxxxxxx>
Date:   Fri May 12 14:19:47 2023 +0200

    netfilter: nf_tables: relax set/map validation checks

Probably there is a chance to request to enqueue this for -stable,
because a simple look up on a map is something that should be working
since day 0.

No 'map' keyword, such keyword is only required when you want to make
a map lookup, e.g.

    dnat ip6 to ip6 daddr . udp dport map @forward_udp.lan
                ^^^^^^^^^^^^^^^^^^^^^

then you make a map lookup using the key above.