[Dnsmasq-discuss] [PATCH v2] Add nftables set support

Simon Kelley simon at thekelleys.org.uk
Mon Sep 27 20:58:46 UTC 2021


I'd already made both those changes in my tree, which I just committed.

Other changes:

Log the correct domain in iptables and nftables add lines, even in the
presence of CNAMEs.

Log errors from libnft.

Allow '4#' or '6#' at the start of the nftset specification to allow
IPv4 and IPv6 addresses to be inserted into the correct type of table.


Don't log ipset or nftable insertions if they fail.

Please test, and let me know if I broke anything.


Cheers,

Simon.



On 26/09/2021 08:57, Chen Zhenge via Dnsmasq-discuss wrote:
> 
> On 8/22/21 20:57, Chen Zhenge wrote:
>> This patch adds a new option --nftset, which is the same as --ipset
>> except that it adds IP address to a given nftables set. It uses
>> libnftables to perform the operations.
> 
> 
> The v2 patch has the following changes compared with v1:
> 
> 1. Use '<family>#<table>#<name>' instead of '<family> <table> <name>'
> for nftable set. This makes using --nftset option at command line more
> convenient.
> 
> 2. Make nftset support disabled by default, because it requires linking
> against libnftables.
> 
> 
> The complete patch is attached below.
> 
> 
> ---
> 
> Best,
> 
> Chen Zhenge
> 
> 
> 
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
> 




More information about the Dnsmasq-discuss mailing list