* Automatically maintaining unique list of addresses
@ 2020-02-19 7:44 Lars Noodén
2020-02-19 11:01 ` pauloric
0 siblings, 1 reply; 3+ messages in thread
From: Lars Noodén @ 2020-02-19 7:44 UTC (permalink / raw)
To: Linux Netfilter Users List
If I add an IP address multiple times, I end up with it in the ruleset
three times. Is there an easy way to try to add IP addresses such that
they aren't duplicated?
/Lars
$ sudo nft add rule ip filter4 input ip \
saddr 198.51.100.209 counter reject
$ sudo nft add rule ip filter4 input ip \
saddr 198.51.100.209 counter reject
$ sudo nft add rule ip filter4 input ip \
saddr 198.51.100.209 counter reject
$ sudo nft list ruleset| grep 51
ip saddr 198.51.100.209 counter packets 0 bytes 0 reject
ip saddr 198.51.100.209 counter packets 0 bytes 0 reject
ip saddr 198.51.100.209 counter packets 0 bytes 0 reject
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Automatically maintaining unique list of addresses
2020-02-19 7:44 Automatically maintaining unique list of addresses Lars Noodén
@ 2020-02-19 11:01 ` pauloric
2020-02-19 11:39 ` Lars Noodén
0 siblings, 1 reply; 3+ messages in thread
From: pauloric @ 2020-02-19 11:01 UTC (permalink / raw)
To: netfilter
Hi
You can use named sets ( https://wiki.nftables.org/wiki-nftables/index.php/Sets)
or
a dictionary...(https://wiki.nftables.org/wiki-nftables/index.php/Dictionaries)
I think the best would be dictionaries...80)
best regards
----- Mensagem original -----
De: "Lars Noodén" <lars.nooden@gmx.com>
Para: "netfilter" <netfilter@vger.kernel.org>
Enviadas: Quarta-feira, 19 de fevereiro de 2020 4:44:51
Assunto: Automatically maintaining unique list of addresses
If I add an IP address multiple times, I end up with it in the ruleset
three times. Is there an easy way to try to add IP addresses such that
they aren't duplicated?
/Lars
$ sudo nft add rule ip filter4 input ip \
saddr 198.51.100.209 counter reject
$ sudo nft add rule ip filter4 input ip \
saddr 198.51.100.209 counter reject
$ sudo nft add rule ip filter4 input ip \
saddr 198.51.100.209 counter reject
$ sudo nft list ruleset| grep 51
ip saddr 198.51.100.209 counter packets 0 bytes 0 reject
ip saddr 198.51.100.209 counter packets 0 bytes 0 reject
ip saddr 198.51.100.209 counter packets 0 bytes 0 reject
--
Paulo Ricardo Bruck consultor
tel 011 3596-4881 011 98140-9184(TIM/Whats)
[ http://www.contatogs.com.br/ | http://www.contatogs.com.br ]
gpg AAA59989 at wwwkeys.us.pgp.net
skype: suportecontatogs
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Automatically maintaining unique list of addresses
2020-02-19 11:01 ` pauloric
@ 2020-02-19 11:39 ` Lars Noodén
0 siblings, 0 replies; 3+ messages in thread
From: Lars Noodén @ 2020-02-19 11:39 UTC (permalink / raw)
To: netfilter
On 2/19/20 1:01 PM, pauloric@contatogs.com.br wrote:
> Hi
>
> You can use named sets ( https://wiki.nftables.org/wiki-nftables/index.php/Sets)
> or
> a dictionary...(https://wiki.nftables.org/wiki-nftables/index.php/Dictionaries)
>
> I think the best would be dictionaries...80)
>
> best regards
Thanks. I figured that was the case but was also hoping that new chains
could be defined with the equivalent of auto-merge.
/Lars
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-02-19 11:39 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-02-19 7:44 Automatically maintaining unique list of addresses Lars Noodén
2020-02-19 11:01 ` pauloric
2020-02-19 11:39 ` Lars Noodén
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.