[Bug 1434] Usability improvements, enabling creation of complex firewalls

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Fri Aug 28 12:56:23 CEST 2020


https://bugzilla.netfilter.org/show_bug.cgi?id=1434

Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

--- Comment #4 from Pablo Neira Ayuso <pablo at netfilter.org> ---
Regarding this one:

> https://github.com/MaxKellermann/ferm/issues/35#issuecomment-486644235

This patch will be available in the next nftables release. This requires a
kernel >= 5.9-rc1.

commit c330152b7f7779f15dba3e0862bf5616e7cb3eab
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Sat Jul 4 02:43:44 2020 +0200

    src: support for implicit chain bindings

    This patch allows you to group rules in a subchain, e.g.

     table inet x {
            chain y {
                    type filter hook input priority 0;
                    tcp dport 22 jump {
                            ip saddr { 127.0.0.0/8, 172.23.0.0/16, 192.168.13.0/24 } accept
                            ip6 saddr ::1/128 accept;
                    }
            }
     }

    This also supports the `goto' chain verdict.

BTW: Thanks for splitting this long report into several independent
bugzilla tickets for easier tracking.

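The ruleset from the commit message above, rewritten with an explicit named chain, which is the form to use on kernels older than 5.9-rc1. This is an added example, not part of the original message or the nftables commit; the chain name `ssh_src` is hypothetical.

```nft
# Added example: explicit-chain form of the implicit chain binding.
# The chain name ssh_src is hypothetical; addresses are from the commit message.
table inet x {
        # Regular (non-base) chain: no type/hook line, reached only via jump/goto.
        chain ssh_src {
                ip saddr { 127.0.0.0/8, 172.23.0.0/16, 192.168.13.0/24 } accept
                ip6 saddr ::1/128 accept
                # No match: with jump, evaluation returns to chain y.
        }

        chain y {
                type filter hook input priority 0;
                tcp dport 22 jump ssh_src
                # With "goto ssh_src" instead, evaluation would not return here;
                # unmatched packets would fall to this base chain's policy.
        }
}
```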