Re: ipset vs. nftables set

On Tue, Nov 12, 2024 at 05:46:50PM +0000, Slavko wrote:
> On 12. novembra 2024 17:31:11 UTC, Kerin Millar <kfm@xxxxxxxxxxxxx> wrote:
> >On Tue, 12 Nov 2024, at 2:55 PM, Thomas Koeller wrote:
> 
> >Yes. Rules may only reference a named set from the enclosing table,
> 
> But one can have multiple hooks (chains) in one table, even with the
> same priority (I do not suggest that). Thus one can combine multiple
> tables into one and share sets, e.g. in raw & filter hooks.

Don't do that, please.

> Or one can mix iptables-nft with nftables, it requires more careful
> settings (hardcoded iptables hook's priorities, flush, etc) but it
> works.

No, that is not a good idea.



