nftables: defining variables containing ipv6 adresses

nftables: defining variables containing ipv6 adresses

[Thomas Weberstaedt]

Hi,

I am wondering, how may I define IPv6 variables?

The obvious idea:

define IP6PREFIX = fdaa:bbbb:cccc:dddd

produces an error:

/etc/nftables/setup.conf:7:29-29: Error: syntax error,
unexpected colon, expecting newline or semicolon

define IP6PREFIX = fdaa:bbbb:cccc:dddd
                            ^

What would be the proper way to do so? Any documentation on this?

Thanks

Ede

Re: nftables: defining variables containing ipv6 adresses

[Oliver O'Boyle]

You need to use a valid ipv6 address. E.g.:

define IP6ADDR = 2607:f8b0:400b:80f::2004    <-- a single address with no CIDR
define IP6PREFIX = 2607:f8b0:400b:80f::/64       <-- prefix with CIDR

If you're referencing the IP6PREFIX variable in a set, then you need
to set the interval flag in the set. E.g.:

set IP6PREFIX_SET {
    type ipv6_addr
    flags interval
    elements = {
        $IP6PREFIX
    }
}

otherwise you do not need the interval flag for single addresses:

set IP6ADDR_SET {
    type ipv6_addr
    elements = {
        $IP6ADDR
    }
}

Oliver


On Thu, May 21, 2020 at 6:38 AM Thomas Weberstaedt
<thomas.weberstaedt@nebelschwaden.de> wrote:
>
> Hi,
>
> I am wondering, how may I define IPv6 variables?
>
> The obvious idea:
>
> define IP6PREFIX = fdaa:bbbb:cccc:dddd
>
> produces an error:
>
> /etc/nftables/setup.conf:7:29-29: Error: syntax error,
> unexpected colon, expecting newline or semicolon
>
> define IP6PREFIX = fdaa:bbbb:cccc:dddd
>                             ^
>
> What would be the proper way to do so? Any documentation on this?
>
> Thanks
>
> Ede



-- 
:o@>

Re: nftables: defining variables containing ipv6 adresses

[Ede Wolf]

Thanks very much. Works now. I would not have expected nftables to do a 
semantical check, I believed, I'd had a syntax error somewhere and had 
put the cidr in the rule, not the variable definition

Ede


Am 21.05.20 um 19:29 schrieb Oliver O'Boyle:
> You need to use a valid ipv6 address. E.g.:
> 
> define IP6ADDR = 2607:f8b0:400b:80f::2004    <-- a single address with no CIDR
> define IP6PREFIX = 2607:f8b0:400b:80f::/64       <-- prefix with CIDR
> 
> If you're referencing the IP6PREFIX variable in a set, then you need
> to set the interval flag in the set. E.g.:
> 
> set IP6PREFIX_SET {
>      type ipv6_addr
>      flags interval
>      elements = {
>          $IP6PREFIX
>      }
> }
> 
> otherwise you do not need the interval flag for single addresses:
> 
> set IP6ADDR_SET {
>      type ipv6_addr
>      elements = {
>          $IP6ADDR
>      }
> }
> 
> Oliver
> 
> 
> On Thu, May 21, 2020 at 6:38 AM Thomas Weberstaedt
> <thomas.weberstaedt@nebelschwaden.de> wrote:
>>
>> Hi,
>>
>> I am wondering, how may I define IPv6 variables?
>>
>> The obvious idea:
>>
>> define IP6PREFIX = fdaa:bbbb:cccc:dddd
>>
>> produces an error:
>>
>> /etc/nftables/setup.conf:7:29-29: Error: syntax error,
>> unexpected colon, expecting newline or semicolon
>>
>> define IP6PREFIX = fdaa:bbbb:cccc:dddd
>>                              ^
>>
>> What would be the proper way to do so? Any documentation on this?
>>
>> Thanks
>>
>> Ede
> 
> 
>