
Question: How to mark IPv6 traffic with NFTable rules?

Open olafayomi opened this issue 3 years ago • 2 comments

Hi, I'm trying to add an nftable rule to mark IPv6 traffic using pyroute2, something like this:

nft add rule ip6 testing testing_chain0 iifname eth1 udp dport 4655 mark set 2 counter 

Can this be done with pyroute2? I've looked through the pyroute2 code, and it seems as if the expressions.py in the nftables module only supports IPv4 and can't be used for complex rules. There doesn't seem to be any documentation showing how this can be done. I look forward to your response.

Thank you.

olafayomi Jul 03 '21 05:07

from pyroute2 import NDB
import socket

# Create an NDB object
ndb = NDB()

# Define the nftable rule
rule = {
    "family": socket.AF_INET6,
    "table": "testing",
    "chain": "testing_chain0",
    "expr": [{"match": {"mark": 0x2}}, {"counter": {}}]
}

# Add the rule
with ndb.nftables(rule) as nft:
    nft.add_rule()

ljluestc Aug 21 '23 01:08

I'm not sure that NDB has got nftables support, unless someone implemented it recently :)

But as for the question: yes, NFTables support is still very basic, so you can help us extend it, or at least propose APIs.

svinota Aug 21 '23 10:08