From: "Christoph A." <casmls@gmail.com>
To: Patrick McHardy <kaber@trash.net>
Cc: Netfilter Developer Mailing List
<netfilter-devel@vger.kernel.org>,
"Christoph A." <casmls@gmail.com>
Subject: Re: nftables: problem with sets (Object not found)
Date: Tue, 28 Jul 2009 22:13:50 +0200
Message-ID: <4A6F5BFE.9070807@gmail.com>
In-Reply-To: <4A6EEDBA.3010505@trash.net>
[-- Attachment #1.1: Type: text/plain, Size: 808 bytes --]
On 28.07.2009 14:23, Patrick McHardy wrote:
> I never pushed out the userspace changes for the new set API.
> I just pushed out all the changes that should be needed, please
> update your trees and try again.
>
pulled, compiled, works.
thanks!
Christoph A.
nft -f main1
insert: [c0a80100 c0a801ff]
insert: [2020202 2020202]
insert: [c0a83801 c0a83801]
iter: [2020202 2020202]
iter: [c0a80100 c0a801ff]
iter: [c0a83801 c0a83801]
list: [00000000 02020201]
list: [02020202 02020202]
list: [02020203 c0a800ff]
list: [c0a80100 c0a801ff]
list: [c0a80200 c0a83800]
list: [c0a83801 c0a83801]
list: [c0a83802 ffffffff]
{ 0.0.0.0, 2.2.2.2, 2.2.2.3, 192.168.1.0, 192.168.2.0, 192.168.56.1,
192.168.56.2}
(I guess the second IPs ...2.3, ..2.0, ..56.2 are the upper bound of the
range)
[-- Attachment #1.2: main1 --]
[-- Type: text/plain, Size: 673 bytes --]
define sshclient = 192.168.56.1
define foo = 2.2.2.2
define localnet = 192.168.1.0/24
define allowed_ssh_hosts = { $sshclient, $foo, $localnet }
define sshport = 22
define httpport = 999
flush table filter
delete table filter
table filter {
    chain input {
        hook NF_INET_LOCAL_IN 0
        ct state related,established accept
        #ip saddr { $sshclient, $foo, $localnet } tcp dport $sshport ct state new accept
        ip saddr $allowed_ssh_hosts tcp dport $sshport ct state new accept
        ip saddr $sshclient tcp dport $httpport ct state new accept
        drop
    }
    chain output {
        hook NF_INET_LOCAL_OUT 0
        ct state related,established accept
        drop
    }
}
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 197 bytes --]
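The "insert:", "list:" and set lines in the output above can be reproduced offline to check which source addresses the $allowed_ssh_hosts rule accepts. This is an added example, not part of the original message and not nftables code; it assumes the "list:" lines are the inserted ranges plus the gaps between them, as the output shows, and partition, lower_bounds and is_member are hypothetical names.

```python
import bisect
import ipaddress

# Constructed from the "insert:" lines above: inclusive (low, high) ranges for
# 192.168.1.0/24, 2.2.2.2 and 192.168.56.1.
INSERTED = [(0xc0a80100, 0xc0a801ff), (0x02020202, 0x02020202),
            (0xc0a83801, 0xc0a83801)]


def partition(ranges, top=0xffffffff):
    """Split [0, top] into ascending (low, high, is_member) segments:
    every inserted range plus the gaps between them."""
    segments, cursor = [], 0
    for low, high in sorted(ranges):
        if low < cursor:
            raise ValueError("overlapping ranges are outside this sketch")
        if low > cursor:
            segments.append((cursor, low - 1, False))   # gap before the range
        segments.append((low, high, True))
        cursor = high + 1
    if cursor <= top:
        segments.append((cursor, top, False))           # trailing gap
    return segments


def lower_bounds(segments):
    """First address of each segment, in dotted-quad form."""
    return [str(ipaddress.IPv4Address(low)) for low, _, _ in segments]


def is_member(segments, addr):
    """True if addr falls in a segment that came from an inserted range."""
    value = int(ipaddress.IPv4Address(addr))
    lows = [low for low, _, _ in segments]
    return segments[bisect.bisect_right(lows, value) - 1][2]


if __name__ == "__main__":
    segs = partition(INSERTED)
    for low, high, member in segs:
        print(f"[{low:08x} {high:08x}] {'member' if member else 'gap'}")
    print(lower_bounds(segs))
    for src in ("192.168.1.77", "192.168.2.1", "2.2.2.3", "192.168.56.1"):
        print(src, is_member(segs, src))
```

The seven lower bounds match the seven addresses in the printed set, and only three of those segments come from $allowed_ssh_hosts.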