With the following setup:
#!/usr/sbin/nft -f
add table ip filter
add chain ip filter input { type filter hook input priority 0; }
add set ip filter nat-group-1 { type ipv4_addr; }
add set ip filter nat-group-2 { type ipv4_addr; }
add set ip filter nat-group-3 { type ipv4_addr; }
add set ip filter nat-group-4 { type ipv4_addr; }
add set ip filter nat-group-5 { type ipv4_addr; }
add rule ip filter input ip saddr @nat-group-1 tcp dport 22 drop
add table ip nat
add chain ip nat postrouting {type nat hook postrouting priority srcnat; policy accept; }
add rule ip nat postrouting ip saddr @nat-group-1 snat to 192.168.1.0/24 persistent
add rule ip nat postrouting ip saddr @nat-group-2 snat to 192.168.2.0/24 persistent
I get the error message
Error: No such file or directory; did you mean set ‘nat-group-1’ in table ip ‘filter’?
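I don't know how to reference a set in another table. Is this possible? I suspect this could be solved by duplicating the sets in both tables, but the error message makes me hope there is some syntax I'm not aware of.
I will be referencing the sets from both tables.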
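
In nftables a set belongs to the table that declares it, and a rule can only resolve `@name` against sets in its own table; a single table can, however, hold both filter and nat chains. The following is an added example, not part of the original post, that restructures the ruleset above so each set is declared once and is visible to both chains. The table name `fw` is an assumption; everything else is taken from the post.

```nft
#!/usr/sbin/nft -f
# Added example: one table holds the sets and both base chains.
# "fw" is a hypothetical table name chosen for this example.
add table ip fw

# Sets are declared once, in the same table as every rule that uses them.
add set ip fw nat-group-1 { type ipv4_addr; }
add set ip fw nat-group-2 { type ipv4_addr; }
add set ip fw nat-group-3 { type ipv4_addr; }
add set ip fw nat-group-4 { type ipv4_addr; }
add set ip fw nat-group-5 { type ipv4_addr; }

# A table may contain chains of different types (filter and nat here).
add chain ip fw input { type filter hook input priority 0; }
add chain ip fw postrouting { type nat hook postrouting priority srcnat; policy accept; }

# Both rules now resolve @nat-group-N inside table "fw".
add rule ip fw input ip saddr @nat-group-1 tcp dport 22 drop
add rule ip fw postrouting ip saddr @nat-group-1 snat to 192.168.1.0/24 persistent
add rule ip fw postrouting ip saddr @nat-group-2 snat to 192.168.2.0/24 persistent
```

After loading, `nft list table ip fw` shows the sets, both chains and their rules together.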