On 9/25/2021 12:06 AM, Simon Kelley wrote:
On 22/08/2021 13:57, Chen Zhenge via Dnsmasq-discuss wrote:
Hi all,


I am trying to switch my firewall setup from iptables to nftables. One
of the remaining parts that still doesn't support it is dnsmasq, so I
wrote a patch to allow adding IP addresses to nftables sets in addition
to ipsets.


This patch adds a new option --nftset, which is the same as --ipset
except that it adds IP addresses to a given nftables set. It uses
libnftables to perform the operations.


I've done some testing on my PC and found no issues so far. The
implementation shares most of its code with ipset so it should be easy
to review. Please let me know if you have found a bug or need something
else.


Best,

Chen Zhenge


OK, this got back to the top of the list, for 2.87, as I promised.

One problem is that nft sets can hold either IPv4 or IPv6 addresses, but
not both, so do we need some sort of syntax to specify if a particular
set should be for IPv4 or IPv6 addresses? Or have I misunderstood?


The mandatory 'type' of the set will determine if IPv4/v6 is used (1).


1)
https://wiki.nftables.org/wiki-nftables/index.php/Sets#Named_sets_specifications

--
John Doe

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
