[Bug 1687] Define set of set with in ipset list:sets

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Mon Jun 5 20:19:51 CEST 2023


https://bugzilla.netfilter.org/show_bug.cgi?id=1687

--- Comment #2 from wcts <willyam.android at gmail.com> ---
(In reply to Phil Sutter from comment #1)
> Not planned per se. If you use anonymous sets, they are merged
> automatically. E.g.:
> 
> ip saddr { { 1.1.1.1, 2.2.2.2 }, { 3.3.3.3, 4.4.4.4 } }
> 
> The example is nonsense, but you may use defines to "refer" to sets in a
> rule.
> 
> A classic workaround for your example rule though is:
> 
> ip6 saddr @FR drop
> ip6 saddr @MC drop
> ip6 saddr @CH drop
> 
> You could put this into a separate chain for convenience.


Right, if I went, for example, separate per continent, I would have to create
multiple rules. In ipset we have the type "list", so I ask if there is any
plan to implement lists as available in ipset.

I understand that in this example case I could create a list with the multiple
countries that make up the continent. But it would be very useful to reuse the
sets already instanced in nftables and just reference them directly in a single
rule instead of applying multiple rules.

Thanks for your attention.

-- 
You are receiving this mail because:
You are watching all bug changes.
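
The two workarounds discussed in this thread, written out as a loadable ruleset. This is an added example, not part of the bug report or of the nftables project's own files: the table and chain names, the `*_NETS` define names and the prefixes (taken from the 2001:db8::/32 documentation range) are all assumptions.

```nft
# Constructed sample data: documentation prefixes standing in for per-country lists.
define FR_NETS = { 2001:db8:1::/48 }
define MC_NETS = { 2001:db8:2::/48 }
define CH_NETS = { 2001:db8:3::/48 }

table inet geo_example {
	# Workaround 1: keep one named set per country and test each set
	# with its own rule, grouped in a separate chain.
	set FR {
		type ipv6_addr
		flags interval
		elements = { $FR_NETS }
	}
	set MC {
		type ipv6_addr
		flags interval
		elements = { $MC_NETS }
	}
	set CH {
		type ipv6_addr
		flags interval
		elements = { $CH_NETS }
	}

	chain geo_block {
		ip6 saddr @FR drop
		ip6 saddr @MC drop
		ip6 saddr @CH drop
	}

	# Workaround 2: a single rule; the nested anonymous sets produced by
	# the defines are merged into one set when the file is loaded.
	# Shown as an alternative and not jumped to from the base chain.
	chain geo_block_merged {
		ip6 saddr { $FR_NETS, $MC_NETS, $CH_NETS } drop
	}

	chain input {
		type filter hook input priority 0; policy accept;
		jump geo_block
	}
}
```

Defines are expanded when the ruleset is loaded, so the single-rule form does not follow later runtime changes to the named sets; only the per-set rules do.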