blob: 0bcd95622a9859c0bb6c5cd99c66f1dc7dcacec2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
#!/bin/bash
set -e
RULESET="table ip x {
chain y {
meta iifname eth1 ip saddr 1.1.1.1 ip daddr 2.2.2.3 accept
meta iifname eth1 ip saddr 1.1.1.2 ip daddr 2.2.2.4 accept
meta iifname eth2 ip saddr 1.1.1.3 ip daddr 2.2.2.5 accept
ip protocol . th dport { tcp . 22, udp . 67 }
}
}"
$NFT -o -f - <<< $RULESET
RULESET="table ip x {
chain c1 {
udp dport 51820 iifname "foo" accept
udp dport { 67, 514 } iifname "bar" accept
}
chain c2 {
udp dport { 51820, 100 } iifname "foo" accept
udp dport { 67, 514 } iifname "bar" accept
}
chain c3 {
udp dport { 51820, 100 } iifname { "foo", "test" } accept
udp dport { 67, 514 } iifname "bar" accept
}
}"
$NFT -o -f - <<< $RULESET
|