Displaying 3 results from an estimated 3 matches for "extra_allowed_incoming_tcp_ports".
2020 Aug 28
4
[Bug 1456] New: Consider eliding empty variables if expanded within an element list
...et
This concerns a minor usability issue that I noticed after evaluating some of
the criticism in the GitHub issue referenced by bug 1434. In the GitHub issue,
one critic complains that this sample ruleset does not work as expected:
    define BASE_ALLOWED_INCOMING_TCP_PORTS = {22, 80, 443}
    define EXTRA_ALLOWED_INCOMING_TCP_PORTS = {}
    table inet filter {
        chain input {
            type filter hook input priority 0; policy drop;
            tcp dport {$BASE_ALLOWED_INCOMING_TCP_PORTS,
                       $EXTRA_ALLOWED_INCOMING_TCP_PORTS} ct state new counter accept
        }
    }
Currently, this is not permitted by nft's parser. My first thought was...
2020 Oct 27
0
[ANNOUNCE] nftables 0.9.7 release
...IP address"
elements = { 1.1.1.1, 1.2.3.4 }
}
}
You can also specify comments in tables and stateful objects (such
as quota, limit and counters).
* Support for defining empty sets in variables:
    define BASE_ALLOWED_INCOMING_TCP_PORTS = {22, 80, 443}
    define EXTRA_ALLOWED_INCOMING_TCP_PORTS = {}
    table inet x {
        chain y {
            type filter hook input priority 0; policy drop;
            ct state new tcp dport { $BASE_ALLOWED_INCOMING_TCP_PORTS, $EXTRA_ALLOWED_INCOMING_TCP_PORTS } counter accept
        }
    }
* Allow to use variables in the log prefix string.
define fo...
2020 Jun 18
10
[Bug 1434] New: Usability improvements, enabling creation of complex firewalls
https://bugzilla.netfilter.org/show_bug.cgi?id=1434
Bug ID: 1434
Summary: Usability improvements, enabling creation of complex
firewalls
Product: nftables
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: nft