Thank you for your answer! ср, 27 мар. 2024 г. в 16:16, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>: > > On Wed, Mar 27, 2024 at 03:36:19PM +0700, Vlad Tsisyk wrote: > > I have a set of pairs of MAC address and mask: > > > > aa:bb:cc:dd:ee:ff 00:ff:ff:ff:ff:ff > > You would like to match this? > > xx:bb:cc:dd:ee:ff Yes, I want to match those addresses, where the first byte can be anything. > that is: > > nft --debug=netlink add rule ip t c ether saddr and MASK == VALUE Sorry for my mistake. I swapped MASK and VALUE for no reason. > > But I have to create a new rule for each pair. Is there any > > workarounds to use sets? > > You can use ranges in sets. I was thinking about ranges, but ranges will not allow match over LSBs of MAC ignoring MSBs.