Open
Description
Hi am facing trouble when using this package i can't load my rule this is my code :
package main
import (
"fmt"
"log"
"net"
"github.com/google/nftables"
"github.com/google/nftables/expr"
)
func main() {
c := &nftables.Conn{}
// Basic boilerplate; create a table & chain.
table := &nftables.Table{
Family: nftables.TableFamilyIPv4,
Name: "ip_filter",
}
table = c.AddTable(table)
myChain := c.AddChain(&nftables.Chain{
Name: "filter_chain",
Table: table,
Type: nftables.ChainTypeFilter,
Hooknum: nftables.ChainHookInput,
Priority: nftables.ChainPriorityFilter,
})
set := &nftables.Set{
Name: "whitelist",
Table: table,
KeyType: nftables.TypeIPAddr, // our keys are IPv4 addresses
}
// Create the set with a bunch of initial values.
if err := c.AddSet(set, []nftables.SetElement{
{Key: net.ParseIP("8.8.8.8")},
}); err != nil {
log.Fatal(err.Error())
}
c.AddRule(&nftables.Rule{
Table: table,
Chain: myChain,
Exprs: []expr.Any{
// [ payload load 4b @ network header + 16 => reg 1 ]
&expr.Payload{
DestRegister: 1,
Base: expr.PayloadBaseNetworkHeader,
Offset: 16,
Len: 4,
},
// [ lookup reg 1 set whitelist ]
&expr.Lookup{
SourceRegister: 1,
SetName: set.Name,
SetID: set.ID,
},
//[ immediate reg 0 drop ]
&expr.Verdict{
Kind: expr.VerdictDrop,
},
},
})
if err := c.Flush(); err != nil {
log.Fatal(err.Error())
}
rules, _ := c.GetRule(table, myChain)
fmt.Println(rules)
}
after executing my code and run the following command : sudo nft list ruleset i expect to found my configured config but i found nothing. is this a compatibility problem ?
Metadata
Metadata
Assignees
Labels
No labels
Activity