Add --nftset option, like --ipset but for the newer nftables.

Thanks to Chen Zhenge for the original patch, which I've reworked. Any bugs down to SRK.
2025-12-19 10:18:25 +00:00 · 2021-09-27 21:31:20 +01:00
parent 981fb03710
commit 47aefca5e4
12 changed files with 226 additions and 45 deletions
--- a/src/cache.c
+++ b/src/cache.c
@@ -2060,7 +2060,7 @@ void log_query(unsigned int flags, char *name, union all_addr *addr, char *arg,
    }
  else if (flags & F_IPSET)
    {
-      source = "ipset add";
+      source = type ? "ipset add" : "nftset add";
      dest = name;
      name = arg;
      verb = daemon->addrbuff;