* Automatically maintaining unique list of addresses
From: Lars Noodén @ 2020-02-19 7:44 UTC (permalink / raw)
To: Linux Netfilter Users List
If I add an IP address multiple times, I end up with it in the ruleset
three times. Is there an easy way to try to add IP addresses such that
they aren't duplicated?
/Lars
$ sudo nft add rule ip filter4 input ip \
saddr 198.51.100.209 counter reject
$ sudo nft add rule ip filter4 input ip \
saddr 198.51.100.209 counter reject
$ sudo nft add rule ip filter4 input ip \
saddr 198.51.100.209 counter reject
$ sudo nft list ruleset| grep 51
ip saddr 198.51.100.209 counter packets 0 bytes 0 reject
ip saddr 198.51.100.209 counter packets 0 bytes 0 reject
ip saddr 198.51.100.209 counter packets 0 bytes 0 reject

* Re: Automatically maintaining unique list of addresses
From: pauloric @ 2020-02-19 11:01 UTC (permalink / raw)
To: netfilter
Hi
You can use named sets (https://wiki.nftables.org/wiki-nftables/index.php/Sets)
or a dictionary... (https://wiki.nftables.org/wiki-nftables/index.php/Dictionaries)
I think the best would be dictionaries...80)
best regards
----- Original message -----
From: "Lars Noodén" <lars.nooden@gmx.com>
To: "netfilter" <netfilter@vger.kernel.org>
Sent: Wednesday, 19 February 2020 4:44:51
Subject: Automatically maintaining unique list of addresses
If I add an IP address multiple times, I end up with it in the ruleset
three times. Is there an easy way to try to add IP addresses such that
they aren't duplicated?
/Lars
$ sudo nft add rule ip filter4 input ip \
saddr 198.51.100.209 counter reject
$ sudo nft add rule ip filter4 input ip \
saddr 198.51.100.209 counter reject
$ sudo nft add rule ip filter4 input ip \
saddr 198.51.100.209 counter reject
$ sudo nft list ruleset| grep 51
ip saddr 198.51.100.209 counter packets 0 bytes 0 reject
ip saddr 198.51.100.209 counter packets 0 bytes 0 reject
ip saddr 198.51.100.209 counter packets 0 bytes 0 reject
--
Paulo Ricardo Bruck
consultant
tel 011 3596-4881 011 98140-9184(TIM/Whats)
[ http://www.contatogs.com.br/ | http://www.contatogs.com.br ]
gpg AAA59989 at wwwkeys.us.pgp.net
skype: suportecontatogs
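
The named-set suggestion in practice, as an added example that is not part of the thread: the table and chain names `filter4` and `input` come from the original post, while the set name `blocked4`, the helper function names and the `NFT` override variable are assumptions. Adding an element that is already in a set changes nothing, so repeated calls do not create duplicates.

```shell
#!/bin/sh
# Added example, not from the thread. filter4/input are the poster's names;
# the set name blocked4 and the helper names are assumptions.
NFT="${NFT:-nft}"   # NFT=echo prints the commands instead of running them

# One-time setup (as root): a named set plus ONE rule that matches the set.
setup_blocklist() {
    $NFT add set ip filter4 blocked4 '{ type ipv4_addr; }' &&
    $NFT add rule ip filter4 input ip saddr @blocked4 counter reject
}

# Accept only a plain dotted-quad IPv4 address. nft joins its arguments into
# one command string and parses it, so anything else must never reach it.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Add one address to the set. "add element" succeeds without changing
# anything if the address is already present, so repeated calls are safe.
block_ip() {
    is_ipv4 "$1" || { echo "not an IPv4 address: $1" >&2; return 2; }
    $NFT add element ip filter4 blocked4 "{ $1 }"
}

# Usage, as root:
#   setup_blocklist
#   block_ip 198.51.100.209
#   block_ip 198.51.100.209      # no second entry is created
#   nft list set ip filter4 blocked4
```

With this layout the single rule's counter totals packets from every address in the set, rather than one counter per address as in the original rules.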

* Re: Automatically maintaining unique list of addresses
From: Lars Noodén @ 2020-02-19 11:39 UTC (permalink / raw)
To: netfilter
On 2/19/20 1:01 PM, pauloric@contatogs.com.br wrote:
> Hi
>
> You can use named sets ( https://wiki.nftables.org/wiki-nftables/index.php/Sets)
> or
> a dictionary...(https://wiki.nftables.org/wiki-nftables/index.php/Dictionaries)
>
> I think the best would be dictionaries...80)
>
> best regards
Thanks. I figured that was the case but was also hoping that new chains
could be defined with the equivalent of auto-merge.
/Lars