Intervals

From nftables wiki
Revision as of 18:56, 13 July 2016 by Pablo (page created)

Intervals are expressed as value-value, that is, a lower and an upper bound separated by a hyphen. Both ends of the interval are included in the match.

The following example shows how to drop the traffic for the range 192.168.0.1 to 192.168.0.250 (note that ip daddr matches the destination address; use ip saddr to match the source address instead):

% nft add rule filter input ip daddr 192.168.0.1-192.168.0.250 drop

You can also use it with TCP ports:

% nft add rule filter input tcp dport 1-1024 drop

Intervals work the same way with any other constant value that has an ordering, such as ports, addresses and protocol numbers.

You can also use intervals in sets. The following example shows how to blacklist two intervals of source IP addresses with an anonymous set:

% nft add rule ip filter input ip saddr { 192.168.1.1-192.168.1.200, 192.168.2.1-192.168.2.200 } drop

You can also use them as keys in dictionaries (verdict maps), so that the matching interval decides which chain the packet jumps to:

% nft add rule ip filter forward ip daddr vmap { 192.168.1.1-192.168.1.200 : jump chain-dmz, 192.168.2.1-192.168.20.250 : jump chain-desktop }
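The following is an added example and is not part of the nftables wiki page. It models, in POSIX shell, how an interval match and the verdict map above decide on an address (both interval ends inclusive, and fall-through to the next rule when no interval matches), and it writes the page's rules into a script file that can be syntax-checked with nft -c -f before anything is loaded into the kernel. The function names, the sample addresses and the chain bodies are constructed here; the table name filter and the chain names chain-dmz and chain-desktop come from the page. One point the example makes visible: the page's second interval 192.168.2.1-192.168.20.250 is not one /24, it spans every address from 192.168.2.1 up to 192.168.20.250.

```shell
#!/bin/sh
# Added example (not from the nftables wiki): model nftables interval matching
# in shell and emit the page's rules as an nft script for a dry-run check.
# Function names and sample addresses are constructed for this example.

# Convert a dotted-quad IPv4 address to an unsigned integer.
ip2int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# Return success when address $1 lies inside the interval $2 written as lo-hi.
# Like nft, both ends of the interval are included.
in_interval() {
    ii_ip=$(ip2int "$1")
    ii_lo=$(ip2int "${2%-*}")
    ii_hi=$(ip2int "${2#*-}")
    [ "$ii_ip" -ge "$ii_lo" ] && [ "$ii_ip" -le "$ii_hi" ]
}

# Model the page's verdict map on ip daddr: print the chain the packet would
# jump to, or "continue" when no interval matches (nft then moves on to the
# next rule in the chain).
vmap_lookup() {
    if in_interval "$1" 192.168.1.1-192.168.1.200; then
        echo chain-dmz
    elif in_interval "$1" 192.168.2.1-192.168.20.250; then
        echo chain-desktop
    else
        echo continue
    fi
}

# Write the page's rules to $1 in nft script syntax (the same syntax as
# "nft add rule" without the nft prefix). The jump targets must exist, so two
# empty chains are declared for them here (constructed for this example).
write_ruleset() {
    cat > "$1" <<'EOF'
table ip filter {
    chain chain-dmz { }
    chain chain-desktop { }
    chain input {
        type filter hook input priority 0; policy accept;
        ip daddr 192.168.0.1-192.168.0.250 drop
        tcp dport 1-1024 drop
        ip saddr { 192.168.1.1-192.168.1.200, 192.168.2.1-192.168.2.200 } drop
    }
    chain forward {
        type filter hook forward priority 0; policy accept;
        ip daddr vmap { 192.168.1.1-192.168.1.200 : jump chain-dmz, 192.168.2.1-192.168.20.250 : jump chain-desktop }
    }
}
EOF
}

# Syntax-check the script without loading it. nft -c parses and validates the
# file only; it needs nft installed and, in most setups, root privileges.
check_ruleset() {
    if command -v nft >/dev/null 2>&1; then
        nft -c -f "$1"
    else
        echo "nft not installed; skipping dry run of $1" >&2
    fi
}

# Demonstration of the model when the script is run directly.
for addr in 192.168.1.200 192.168.5.7 192.168.20.251 10.0.0.1; do
    echo "$addr -> $(vmap_lookup "$addr")"
done
```

Use write_ruleset /tmp/intervals.nft followed by check_ruleset /tmp/intervals.nft to validate the rules on a host with nft installed; replace the empty chain-dmz and chain-desktop bodies with the real per-network rules before loading with nft -f.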