[Dnsmasq-discuss] [PATCH] Add nftables set support

Simon Kelley simon at thekelleys.org.uk
Mon Aug 30 11:05:55 UTC 2021


This looks interesting, and satisfies requests for this facility. Thanks.

I think it's too big a change to slip in right now, at the end of the
2.86 cycle. Instead I'll attend to it as the first thing in 2.87, so
expect me to get back to you in the next couple of weeks.


Cheers,

Simon.



On 22/08/2021 13:57, Chen Zhenge via Dnsmasq-discuss wrote:
> Hi all,
> 
> 
> I am trying to switch my firewall setup from iptables to nftables. One
> of the remaining parts that still doesn't support it is dnsmasq, so I
> wrote a patch to allow adding IP addresses to nftables sets in addition
> to ipsets.
> 
> 
> This patch adds a new option --nftset, which is the same as --ipset
> except that it adds IP addresses to a given nftables set. It uses
> libnftables to perform the operations.
> 
> 
> I've done some testing on my PC and found no issues so far. The
> implementation shares most of its code with ipset so it should be easy
> to review. Please let me know if you have found a bug or need something
> else.
> 
> 
> Best,
> 
> Chen Zhenge
> 