On Tue, Jan 30, 2024 at 10:39:57AM +0000, Kerin Millar wrote: > On Tue, 30 Jan 2024, at 10:17 AM, Daniel wrote: > > Hi, > > > > nft 1.06 Debian12. Is it possible in a set to combine ipv4 and ipv6 ? If > > not, does it exist another method to do this ? > > Combining is impossible. This is one of my pet peeves with nft, actually. For iptables, there was tooling like ferm which made it possible to write dual-stack rule sets very easily. This kind of tooling seems to be completely missing in the nftables world. Am I missing something here? > However, the value of an ipv6_addr element is permitted to be an IPv4-mapped IPv6 address. Does nft have a function to convert an IPv4 address to an IPv4-mapped address? Will the rule set do the intended thing? Is an ipv6 rule with an IPv4 mapped address fully equivalent with a proper IPv4 rule? Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
