Intervals: Difference between revisions

Latest revision as of 23:36, 15 February 2021

Intervals are expressed as value-value.

The following rule drops incoming traffic addressed to the IP address interval 192.168.0.1 to 192.168.0.250:

% nft add rule filter input ip daddr 192.168.0.1-192.168.0.250 drop

You can use intervals of any sort of constant value. This example uses a TCP port interval:

% nft add rule filter input tcp ports 1-1024 drop

You can also use intervals from sets, the following example shows how to blacklist two intervals of IP addresses:

% nft add rule ip filter input ip saddr { 192.168.1.1-192.168.1.200, 192.168.2.1-192.168.2.200 } drop

Intervals work the same way in verdict maps:

% nft add rule ip filter forward ip daddr vmap { 192.168.1.1-192.168.1.200 : jump chain-dmz, 192.168.2.1-192.168.20.250 : jump chain-desktop }

@@ Line 1: / Line 1: @@
 Intervals are expressed as value-value.
-The following example show how to drop the traffic coming the range 192.168.0.1 to 192.168.0.250:
+The following rule drops incoming traffic addressed to the IP address interval 192.168.0.1 to 192.168.0.250:
 <source lang="bash">
@@ Line 7: / Line 7: @@
 </source>
-You can also use it with TCP ports:
+You can use intervals of any sort of constant value. This example uses a TCP port interval:
 <source lang="bash">
@@ Line 13: / Line 13: @@
 </source>
-And any sort of constant value.
+You can also use intervals from [[sets]], the following example shows how to blacklist two intervals of IP addresses:
-You can also use intervals from [[sets]], the following example shows how to blacklist two interval of IP addresses:
 <source lang="bash">
@@ Line 21: / Line 19: @@
 </source>
-And you can also use them in [[dictionaries]]:
+Intervals work the same way in [[Verdict_Maps_(vmaps) | verdict&nbsp;maps]]:
 <source lang="bash">
 % nft add rule ip filter forward ip daddr vmap { 192.168.1.1-192.168.1.200 : jump chain-dmz, 192.168.2.1-192.168.20.250 : jump chain-desktop }
 </source>