Intervals

From nftables wiki
Revision as of 19:56, 13 July 2016 by Pablo

Intervals are expressed as value-value.

The following example shows how to drop traffic addressed to the range 192.168.0.1 to 192.168.0.250 (the rule matches on the destination address, ip daddr):

% nft add rule filter input ip daddr 192.168.0.1-192.168.0.250 drop

You can also use intervals with TCP ports:

% nft add rule filter input tcp dport 1-1024 drop

Intervals work with any other sort of constant value as well.

You can also use intervals in sets. The following example shows how to blacklist two intervals of IP addresses:

% nft add rule ip filter input ip saddr { 192.168.1.1-192.168.1.200, 192.168.2.1-192.168.2.200 } drop

And you can also use them in dictionaries:

% nft add rule ip filter forward ip daddr vmap { 192.168.1.1-192.168.1.200 : jump chain-dmz, 192.168.2.1-192.168.20.250 : jump chain-desktop }
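
When the intervals for a set like the blacklist above come from an external list, they can be checked before they are handed to nft. The Python helper below is an added example, not part of the original wiki page or of nftables: it rejects reversed ranges and merges overlapping or adjacent ones, then renders the same kind of rule as the set example. The function names are hypothetical, and it assumes IPv4 ranges written in the value-value form.

```python
import ipaddress

def parse_interval(text):
    """Parse 'start-end' (or a single address) into a pair of IPv4Address."""
    start, _, end = text.strip().partition("-")
    lo = ipaddress.IPv4Address(start.strip())
    hi = ipaddress.IPv4Address(end.strip()) if end else lo
    if lo > hi:
        # A range written backwards is almost always a typo in the source list.
        raise ValueError(f"reversed interval: {text!r}")
    return lo, hi

def merge_intervals(texts):
    """Sort intervals and merge those that overlap or touch each other."""
    merged = []
    for lo, hi in sorted(parse_interval(t) for t in texts):
        if merged and int(lo) <= int(merged[-1][1]) + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged

def render_drop_rule(texts, table="filter", chain="input"):
    """Render an 'nft add rule ... ip saddr { ... } drop' command line."""
    elems = ", ".join(str(lo) if lo == hi else f"{lo}-{hi}"
                      for lo, hi in merge_intervals(texts))
    return f"nft add rule ip {table} {chain} ip saddr {{ {elems} }} drop"

if __name__ == "__main__":
    # Constructed sample input: the page's two ranges plus one overlapping
    # and one adjacent range, in unsorted order.
    sample = ["192.168.2.1-192.168.2.200", "192.168.1.1-192.168.1.200",
              "192.168.1.150-192.168.1.220", "192.168.2.201-192.168.2.210"]
    print(render_drop_rule(sample))
```

Merging up front keeps the generated set independent of how the installed nft version treats overlapping elements.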