Re: ipset vs. nftables set

On Tue, Nov 12, 2024 at 03:55:13PM +0100, Thomas Koeller wrote:
> Hi,
> 
> migrating my existing firewall setup from iptables + ipset to nftables, I ran into a problem.
> 
> The firewall uses an ipset containing IPv4 source addresses to implement a dynamic blacklist. There are multiple rules that use this
> ipset, and these rules are in chains that belong to different tables. This doesn't seem to be possible with nftables sets, which
> apparently always have to belong to one and only one table. Is this correct? At least I couldn't figure out how to create a set that
> is accessible throughout the entire ruleset.

Then, unify your tables in one global inet table.
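
A sketch of the layout suggested in the reply above, added here as an illustration and not taken from the thread: one `inet` table holds the blacklist set, and every chain that needs it references the same set. The table name `firewall`, the set name `blacklist`, the choice of hooks and the sample addresses (documentation ranges) are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example: a single inet table replacing several iptables tables.
# All names and addresses below are constructed for illustration.

table inet firewall {
    # One set, owned by this table, shared by all chains in it.
    # "flags timeout" allows entries to expire, like an ipset with timeouts.
    set blacklist {
        type ipv4_addr
        flags timeout
        elements = { 192.0.2.10 timeout 1h, 198.51.100.7 timeout 1d }
    }

    # Takes the place of a rule that lived in the iptables "raw" table.
    chain early {
        type filter hook prerouting priority raw; policy accept;
        ip saddr @blacklist drop
    }

    # Takes the place of rules in the iptables "filter" table.
    chain input {
        type filter hook input priority filter; policy accept;
        ip saddr @blacklist drop
    }

    chain forward {
        type filter hook forward priority filter; policy accept;
        ip saddr @blacklist drop
    }
}

# Entries are added at runtime much as with "ipset add", for example:
#   nft add element inet firewall blacklist '{ 203.0.113.5 timeout 30m }'
# and inspected with:
#   nft list set inet firewall blacklist
```

Because the chains differ only in hook and priority, the per-table separation iptables imposed is no longer needed, and the `ip saddr` match restricts each rule to IPv4 traffic inside the dual-stack `inet` family.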



