[Bug 1434] Usability improvements, enabling creation of complex firewalls
bugzilla-daemon at netfilter.org
Wed Aug 26 12:45:22 CEST 2020
https://bugzilla.netfilter.org/show_bug.cgi?id=1434
--- Comment #2 from kfm at plushkava.net ---
Another comment raises the complaint that it is not possible to write a single
rule that references multiple ports while having counters for each. This is now
incorrect, provided that a named set is used. For example:-
    table inet filter {
        set incoming_tcp_ports {
            type inet_service
            counter
            elements = { 20, 80, 443 }
        }

        chain input {
            type filter hook input priority 0; policy drop;
            tcp dport @incoming_tcp_ports ct state new counter accept
        }
    }
Note the presence of the counter flag. To use this feature, both nftables
>=0.9.5 and Linux >=5.7 are required.
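
Added example, not part of the original comment or of nftables itself: a small Python parser that reads the per-port counters back out of a set listing, so that ports which never matched can be spotted. The sample listing is constructed and assumes the `elements = { <element> counter packets N bytes M, ... }` layout that `nft list set` prints for a set declared with `counter`; the function names are hypothetical.

```python
import re

# Constructed sample of `nft list set inet filter incoming_tcp_ports` output.
# Counter values are made up; long element lists wrap across lines.
SAMPLE = """\
table inet filter {
	set incoming_tcp_ports {
		type inet_service
		counter
		elements = { 20 counter packets 0 bytes 0, 80 counter packets 12 bytes 720,
			     443 counter packets 340 bytes 20400 }
	}
}
"""

# Element text, optionally followed by its per-element counter.
ELEMENT_RE = re.compile(r"^(.+?)(?:\s+counter packets (\d+) bytes (\d+))?$")


def parse_set_counters(listing):
    """Return {element: (packets, bytes)}; (None, None) when no counter is shown."""
    match = re.search(r"elements\s*=\s*\{(.*?)\}", listing, re.DOTALL)
    if match is None:
        return {}  # an empty set has no elements line
    counters = {}
    for item in match.group(1).split(","):
        item = " ".join(item.split())  # collapse line-wrap whitespace
        if not item:
            continue
        elem, packets, nbytes = ELEMENT_RE.match(item).groups()
        counters[elem] = (int(packets), int(nbytes)) if packets else (None, None)
    return counters


def unused_elements(counters):
    """Elements whose counter exists and is still zero: candidates for removal."""
    return sorted(e for e, (packets, _) in counters.items() if packets == 0)


if __name__ == "__main__":
    parsed = parse_set_counters(SAMPLE)
    for port, (packets, nbytes) in parsed.items():
        print(f"tcp/{port}: {packets} packets, {nbytes} bytes")
    print("never matched:", unused_elements(parsed))
```

With the rule shown in the comment, each element's counter only advances for packets in `ct state new`, so the numbers reflect new connections per port rather than total traffic.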