Re: ipset vs. nftables set

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12. novembra 2024 17:31:11 UTC, Kerin Millar <kfm@xxxxxxxxxxxxx> wrote:
>On Tue, 12 Nov 2024, at 2:55 PM, Thomas Koeller wrote:

>Yes. Rules may only reference a named set from the enclosing table,

But one can have multiple hooks (chains) in one table, even with the
same priority (i not suggest that). Thus one can combine multiple
tables into one and share sets, eg. in raw & filter hooks.

Or one can mix iptables-nft with nftables, it requites more carefull
settings (hardcoded iptables hook's priorities, flush, etc) but it
works.

regards


-- 
Slavko
https://www.slavino.sk/





[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux