diff options
author | Patrick McHardy <kaber@trash.net> | 2009-07-28 14:17:35 +0200 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2009-07-28 14:17:35 +0200 |
commit | ebfd6822498965cdb9961ec1a986f0463de5c9c0 (patch) | |
tree | 9420686a2b0b1adb62734cf889734301136d93f1 /files | |
parent | 414fa58ae9f283c35c8510fc31f28ba77bb5fdf5 (diff) |
add support for new set API and standalone sets
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'files')
-rwxr-xr-x | files/examples/sets_and_maps | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/files/examples/sets_and_maps b/files/examples/sets_and_maps new file mode 100755 index 00000000..8dfe9f83 --- /dev/null +++ b/files/examples/sets_and_maps @@ -0,0 +1,53 @@ +#! /sbin/nft -nf +# +# Examples of set and map usage +# + +# symbolic anonymous set definition built from symbolic singleton definitions +define int_if1 = eth0 +define int_if2 = eth1 +define int_ifs = { $int_if1, $int_if2 } + +define ext_if1 = eth2 +define ext_if2 = eth3 +define ext_ifs = { $ext_if1, $ext_if2 } + +# recursive symbolic anonymous set definition +define local_ifs = { $int_ifs, $ext_ifs } + +# symbolic anonymous set definition +define tcp_ports = { ssh, domain, https, 123-125 } + +delete table filter +table filter { + # named set of type ifindex + set local_ifs { + type ifindex + } + + # named map of type ifindex => ipv4_address + map nat_map { + type ifindex => ipv4_address + } + + map jump_map { + type ifindex => verdict + } + + chain input_1 { counter; } + chain input_2 { counter; } + chain input { + hook NF_INET_LOCAL_IN 0 + + # symbolic anonymous sets + meta iif $local_ifs tcp dport $tcp_ports counter + + # literal anonymous set + meta iif { eth0, eth1 } counter + + meta iif @local_ifs counter + meta iif vmap @jump_map + + #meta iif vmap { eth0 => jump input1, eth1 => jump input2 } + } +} |