[Dnsmasq-discuss] [PATCH] Add nftables set support

Chen Zhenge me at markle.one
Sun Aug 22 12:57:11 UTC 2021


Hi all,


I am trying to switch my firewall setup from iptables to nftables. One 
of the remaining parts that still doesn't support it is dnsmasq, so I 
wrote a patch to allow adding IP addresses to nftables sets in addition 
to ipsets.


This patch adds a new option --nftset, which is the same as --ipset 
except that it adds IP addresses to a given nftables set. It uses 
libnftables to perform the operations.


I've done some testing on my PC and found no issues so far. The 
implementation shares most of its code with ipset so it should be easy 
to review. Please let me know if you have found a bug or need something 
else.


Best,

Chen Zhenge
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-nftables-set-support.patch
Type: text/x-patch
Size: 19214 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20210822/02c9d740/attachment.bin>

