[Dnsmasq-discuss] Using nftables internal "ipset" rule

Ronaldo Afonso ronaldo at ronaldoafonso.com.br
Thu Apr 28 22:29:22 BST 2016


  Hi,

  I'm using the "ipset" feature of dnsmasq with iptables and it's working
perfectly.

  The thing is ... now I need to change my firewall to nftables and I just
found that nftables is not able to access an "external ipset set". nftables
has its own kind of "internal ipset set of rules".

  I know that dnsmasq uses a netlink socket to insert ipset rules inside
the Linux kernel netfilter subsystem.

  So I was wondering if it is so complicated to use that same netlink
socket to include "dnsmasq ipset rules" directly in the "nftables rule set"
instead of in an "external ipset set".

  Something like this:  nft add element filter ip_writelist { some_ip_address }

  Of course the "nftable ipset rule" must already be created. Just like an
external ipset rule.

  Would it be a nice feature since nftables seems to be far from supporting
an external ipset rule?

  Thanks ...

-- 
Ronaldo Afonso
11 9 5252 0484
www.ronaldoafonso.com.br
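The shape the post describes, as an added example that is not from the post or from dnsmasq itself: an nftables ruleset that pre-creates the set the proposed `nft add element` command would fill, and a forward rule that only lets traffic out to addresses present in that set. The table and chain names, the `ip_whitelist` spelling of the set name, and the timeout are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example (not from the post): egress allow-list driven by a named set.
# The set must exist before any "add element" command, as the post notes.
flush ruleset

table ip filter {
    # Addresses that dnsmasq (or an administrator) has resolved and approved.
    # "flags timeout" lets entries expire instead of accumulating forever;
    # the 1h default is an assumed value, not something dnsmasq dictates.
    set ip_whitelist {
        type ipv4_addr
        flags timeout
        timeout 1h
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        # Only destinations present in the set may be reached.
        ip daddr @ip_whitelist accept
        # Everything else is rate-limited into the log and dropped by policy.
        limit rate 10/minute log prefix "egress-blocked: "
    }
}
```

Populate it with the command from the post, giving the family explicitly: `nft add element ip filter ip_whitelist { 192.0.2.10 }` (a documentation address used here as a constructed sample); the element inherits the set's default timeout.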