Re: Are there nft set limits?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Yes. It is. Thanks a lot for let me understand better nfttables.

Xavier

On Thu, 8 Feb 2024 16:32:19 +0100
Florian Westphal <fw@xxxxxxxxx> ha escrit:

> Xavier B. <somenxavier@xxxxxxxxxx> wrote:
> > Hi,
> > 
> > I have an artix instance with nfttables there. I have several rules (attached file) but mainly I have a set of ip addresses I want to ban:
> > 
> > table inet my_table {
> > 
> >    set badips {
> >        type ipv4_addr
> >        flags interval
> >        auto-merge
> >        elements = {1.0.147.18 }
> >    }
> > 
> > chain my_input {
> >                 ...
> >                 ip saddr @badips drop comment "[nftables] Block ban IP"
> >                 ...
> >         }
> > ...
> > }
> > 
> > Until now, when I add some new IP to my badips set, everything is fine, but today is not:
> > 
> > # nft add element inet my_table badips { 198.199.104.80 }
> > # nft list ruleset | grep 198.199.104.80
> 
> automerge is on.  Please try
> 
> nft get element inet my_table badips { 198.199.104.80 }
> It should give:
> 198.199.64.0/18
> 
> which includes this address.




[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux