network: firewall integration with NFT sets - systemd

diff options

author	Topi Miettinen <toiwoton@gmail.com>	2022-05-22 13:09:06 +0200
committer	Topi Miettinen <topimiettinen@users.noreply.github.com>	2022-06-08 18:12:25 +0200
commit	ab51fd9dbdc59f9a37acd8acaea3e9088d092bba (patch)
tree	82dbd77f4def265280ea0bb5463cd105f6cd3fcb /src/core/cgroup.h
parent	Merge pull request #23641 from keszybz/janitorials (diff)
download	systemd-ab51fd9dbdc59f9a37acd8acaea3e9088d092bba.tar.xz systemd-ab51fd9dbdc59f9a37acd8acaea3e9088d092bba.zip

network: firewall integration with NFT sets

New directives `NFTSet=`, `IPv4NFTSet=` and `IPv6NFTSet=` provide a method for integrating configuration of dynamic networks into firewall rules with NFT sets. /etc/systemd/network/eth.network ``` [DHCPv4] ... NFTSet=netdev:filter:eth_ipv4_address ``` ``` table netdev filter { set eth_ipv4_address { type ipv4_addr flags interval } chain eth_ingress { type filter hook ingress device "eth0" priority filter; policy drop; ip saddr != @eth_ipv4_address drop accept } } ``` ``` sudo nft list set netdev filter eth_ipv4_address table netdev filter { set eth_ipv4_address { type ipv4_addr flags interval elements = { 10.0.0.0/24 } } } ```

Diffstat (limited to 'src/core/cgroup.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: