Have you tried vmap?
VMAP STATEMENT
The verdict map (vmap) statement works analogous to the map statement, but contains verdicts as values.
expression vmap { VMAP_ELEMENTS }
VMAP_ELEMENTS := VMAP_ELEMENT [, VMAP_ELEMENTS]
VMAP_ELEMENT := key : verdict
Using the vmap statement.
# jump to different chains depending on layer 4 protocol type:
nft add rule ip filter input ip protocol vmap { tcp : jump tcp-chain, udp : jump udp-chain , icmp : jump icmp-chain }
On 4/19/24 10:55, William N. wrote:
Is it possible to combine, e.g.:
tcp flags fin,syn / fin,syn drop
tcp flags syn,rst / syn,rst drop
tcp flags fin,rst / fin,rst drop
tcp flags fin / fin,ack drop
into something like:
tcp flags {
fin,syn / fin,syn,
syn,rst / syn,rst,
fin,rst / fin,rst,
fin / fin,ack
} drop
just using some correct syntax?
--
Send unsolicited bulk mail to carle34@xxxxxxxxxxxx
