Intervals

From nftables wiki

Intervals are expressed as value-value.

The following rule drops incoming traffic addressed to the IP address interval 192.168.0.1 to 192.168.0.250:

% nft add rule filter input ip daddr 192.168.0.1-192.168.0.250 drop

You can use intervals of any sort of constant value. This example uses a TCP port interval:

% nft add rule filter input tcp dport 1-1024 drop

You can also use intervals in sets. The following example shows how to blacklist two intervals of IP addresses:

% nft add rule ip filter input ip saddr { 192.168.1.1-192.168.1.200, 192.168.2.1-192.168.2.200 } drop

Intervals work the same way in verdict maps:

% nft add rule ip filter forward ip daddr vmap { 192.168.1.1-192.168.1.200 : jump chain-dmz, 192.168.2.1-192.168.20.250 : jump chain-desktop }
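The following is an added Python model of how these interval lookups behave, not code from the nftables wiki or from nft itself: it parses the value-value syntax used above (both bounds inclusive), refuses overlapping elements the way nft does, and evaluates sample addresses and ports against the verdict map from the forward-chain rule. The function names and the FORWARD_VMAP constant are my own.

```python
import ipaddress

def to_int(value):
    """Map an IPv4 address string or a port number to an integer for comparison."""
    s = str(value).strip()
    return int(ipaddress.IPv4Address(s)) if "." in s else int(s)

def parse_interval(text):
    """Parse an nftables 'value-value' interval (or a single value) into an
    inclusive (lo, hi) pair: '1-1024' covers port 1024 as well as port 1."""
    lo, _, hi = text.strip().partition("-")
    lo_v, hi_v = to_int(lo), to_int(hi or lo)
    if lo_v > hi_v:
        raise ValueError(f"interval {text.strip()!r}: lower bound above upper bound")
    return lo_v, hi_v

def parse_elements(text):
    """Parse a set body '{ a-b, c-d }' or a verdict map body '{ a-b : verdict, ... }'
    into a sorted list of ((lo, hi), verdict); plain set elements get verdict None."""
    entries = []
    for item in text.strip().strip("{}").split(","):
        key, _, verdict = item.partition(":")
        if key.strip():
            entries.append((parse_interval(key), verdict.strip() or None))
    entries.sort(key=lambda e: e[0])
    # nft refuses a set or map whose intervals overlap ("conflicting intervals"),
    # so refuse them here too rather than silently picking one of the entries.
    for ((_, hi_a), _va), ((lo_b, _), _vb) in zip(entries, entries[1:]):
        if hi_a >= lo_b:
            raise ValueError("conflicting intervals specified")
    return entries

def lookup(entries, value):
    """Return (matched, verdict) for one packet field value, like an nft set/vmap lookup."""
    v = to_int(value)
    for (lo, hi), verdict in entries:
        if lo <= v <= hi:
            return True, verdict
    return False, None

# Verdict map taken from the wiki's forward-chain rule; sample addresses are constructed.
FORWARD_VMAP = ("{ 192.168.1.1-192.168.1.200 : jump chain-dmz, "
                "192.168.2.1-192.168.20.250 : jump chain-desktop }")

if __name__ == "__main__":
    vmap = parse_elements(FORWARD_VMAP)
    for dst in ("192.168.1.100", "192.168.1.201", "192.168.5.5"):
        print(dst, lookup(vmap, dst))
    print("port 1024 in 1-1024:", lookup(parse_elements("{ 1-1024 }"), 1024))
```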