Using shell commands:
    nft add table ip filter
    nft add map filter deucalion { type ipv4_addr : classid\; }
Using nftables file:
    table ip filter {
        map deucalion {
            type ipv4_addr : classid;
            elements = { 1.1.1.2 : 2:2222, 1.1.1.3 : 3:3333 }
        }
        chain input {
            type filter hook input priority 0; policy accept;
            meta priority set ip daddr map @deucalion;
        }
    }
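An added example (not part of the original page or of nftables): when the address-to-classid pairs come from an inventory or another external source, validating each field before writing the file keeps stray nft syntax out of the ruleset and shows that a classid such as 2:2222 is a hexadecimal major:minor pair, i.e. the 32-bit value 0x00022222. The function names and the strict "1 to 4 hex digits on each side" format are assumptions of this sketch.

```python
import ipaddress
import re

# Assumption: accept only hex "major:minor", 1-4 digits each (16 bits per field).
CLASSID_RE = re.compile(r"([0-9a-fA-F]{1,4}):([0-9a-fA-F]{1,4})")

def parse_classid(text):
    """Return the 32-bit handle (major << 16 | minor) for a hex 'major:minor' classid."""
    m = CLASSID_RE.fullmatch(text)
    if m is None:
        raise ValueError(f"bad classid: {text!r}")
    return (int(m.group(1), 16) << 16) | int(m.group(2), 16)

def render_ruleset(pairs):
    """Build the nftables file from (ipv4, classid) pairs, rejecting malformed input."""
    seen, elements = set(), []
    for addr, classid in pairs:
        ip = ipaddress.IPv4Address(str(addr))  # ValueError unless exactly one IPv4 address
        if ip in seen:
            raise ValueError(f"duplicate map key: {ip}")
        seen.add(ip)
        handle = parse_classid(classid)
        # Re-emit from the parsed values, never from the raw input strings.
        elements.append(f"{ip} : {handle >> 16:x}:{handle & 0xffff:x}")
    if not elements:
        raise ValueError("no elements")
    body = ",\n".join(f"            {e}" for e in elements)
    return (
        "table ip filter {\n"
        "    map deucalion {\n"
        "        type ipv4_addr : classid;\n"
        f"        elements = {{\n{body}\n        }}\n"
        "    }\n"
        "    chain input {\n"
        "        type filter hook input priority 0; policy accept;\n"
        "        meta priority set ip daddr map @deucalion;\n"
        "    }\n"
        "}\n"
    )

# Constructed sample input: the two entries from the file above.
SAMPLE = [("1.1.1.2", "2:2222"), ("1.1.1.3", "3:3333")]

if __name__ == "__main__":
    print(render_ruleset(SAMPLE), end="")
```

The generated text can be checked without loading it by passing it to `nft -c -f`.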
This patch is already merged upstream (as of 2018, Arch Linux and Ubuntu have it; Debian does not yet):
You need it if nft shows this error:
    <cmdline>:1:45-51: Error: syntax error, unexpected classid, expecting string or dscp or ecn or mark
    add map filter deucalion { type ipv4_addr : classid; }
                                                ^^^^^^^
    <cmdline>:1:26-52: Error: map definition does not specify key data type
    add map filter deucalion { type ipv4_addr : classid; }
                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^
parser: allow classid as set key From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx> Allow TC classid as set key. Signed-off-by: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx> --- src/parser_bison.y | 1 + 1 file changed, 1 insertion(+) diff --git a/src/parser_bison.y b/src/parser_bison.y index 7016f5b..2918875 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -1545,6 +1545,7 @@ type_identifier : STRING { $$ = $1; } | MARK { $$ = xstrdup("mark"); } | DSCP { $$ = xstrdup("dscp"); } | ECN { $$ = xstrdup("ecn"); } + | CLASSID { $$ = xstrdup("classid"); } ; hook_spec : TYPE STRING HOOK STRING dev_spec PRIORITY prio_spec
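Review bot: the new `| CLASSID { $$ = xstrdup("classid"); }` alternative in `type_identifier` arrives with no test and no documentation change; the diffstat lists only src/parser_bison.y with 1 insertion. Please add a regression case that parses a definition using `classid` as a type, for example a map declared with `type ipv4_addr : classid`, so the keyword-versus-STRING handling does not regress the next time a keyword token is added. The commit message mentions only "set key", while the error quoted on this page is triggered by `classid` in the value position of a map definition, so it would help to state in the message that map data types are covered as well.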