pgnd <pgnd@xxxxxxxxxxxx> wrote:
> table nat {
> 	chain prerouting {
> 		type nat hook prerouting priority -150; policy accept;
>
> 		# SET1
> 		meta mark set 0x02 meta iifname "$VPN" meta oifname "$LAN" ip daddr $SVR1 udp dport 53
> 		meta mark set 0x02 meta iifname "$VPN" meta oifname "$LAN" ip daddr $SVR1 tcp dport 53
> 		meta mark set 0x02 meta iifname "$VPN" meta oifname "$LAN" ip daddr $SVR2 udp dport 25
> 		meta mark set 0x02 meta iifname "$VPN" meta oifname "$LAN" ip daddr $SVR2 tcp dport 465
>
> 		# SET2 (This seems a bit tortured, but it's fewer lines ...)
> 		meta mark set 0x02 meta iifname "$VPN" meta oifname "$LAN" ip daddr $SVR1 meta l4proto {tcp, udp} th dport 53
> 		meta mark set 0x02 meta iifname "$VPN" meta oifname "$LAN" ip daddr $SVR2 tcp dport { 25, 465 }
>
> 		# SET3
> 		meta mark set 0x02 {
> 24			meta iifname "$VPN" meta oifname "$LAN" ip daddr $SVR1 meta l4proto {tcp, udp} th dport 53
> 25			meta iifname "$VPN" meta oifname "$LAN" ip daddr $SVR2 tcp dport { 25, 465 }
> 26		}
> 27
> 28	}
> 29 }
>
>
> rule group "SETs" 1, 2 & 3 are _intended_ to be functionally equivalent, but simply increasingly "grouped" for convenience/readability (yes, arguable!)
>
> testing, SET1 & SET2 seem OK, but SET3 is clearly unhappy,
>
> 	nft -c -f tmp.nft
> 		tmp.nft:24:4-7: Error: syntax error, unexpected meta
> 		meta iifname "$VPN" meta oifname "$LAN" ip daddr $SVR1 meta l4proto {tcp, udp} th dport 53
> 		^^^^
> 		tmp.nft:29:1-1: Error: syntax error, unexpected '}'
> 		}
> 		^
>
> what's specifically DISallowed in my SET3 syntax usage?

Missing 'jump' or 'goto' keyword:

	meta mark set 2 jump {
		meta ...
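
One way to write the grouped SET3 form with the `jump` keyword, as an added example that is not part of the original thread: the shared `iifname` match sits before `jump`, and each rule inside the anonymous chain ends with the mark statement. The `define` values are constructed placeholders, the `oifname` match is left out, and anonymous chains need an nftables and kernel version that supports them.

```nft
# Constructed placeholder values (assumptions, not from the thread)
define VPN  = "vpn0"
define SVR1 = 192.0.2.53
define SVR2 = 192.0.2.25

table ip nat {
	chain prerouting {
		type nat hook prerouting priority -150; policy accept;

		# Shared match first, then "jump" into an anonymous chain.
		# Without "jump" or "goto" before "{", the parser reports
		# "syntax error, unexpected meta" at the first inner rule.
		iifname $VPN jump {
			# Each inner rule is a full rule: matches, then the statement.
			ip daddr $SVR1 meta l4proto { tcp, udp } th dport 53 meta mark set 0x02
			ip daddr $SVR2 tcp dport { 25, 465 } meta mark set 0x02
		}
	}
}
```

Checking the file with `nft -c -f`, as in the quoted message, validates it without loading the ruleset.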