push.rocks/smartnftables
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(firewall): add IP set blocking convenience API with CIDR interval support and optional rule comments

Browse Source
This commit is contained in:
Jürgen Kunz
2026-04-26 15:05:50 +00:00
parent 75dacef68e
commit 6e7c0d90d8
9 changed files with 106 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ts/nft.rulebuilder.firewall.ts
+5 -2
View File
@@ -84,10 +84,11 @@ export function buildIPSetCreate(
config: INftIPSetConfig,
): string[] {
const commands: string[] = [];
const flags = config.interval ? ' flags interval \\;' : '';
// Create the set
commands.push(
`nft add set ${family} ${tableName} ${config.name} { type ${config.type} \\; }`
`nft add set ${family} ${tableName} ${config.name} { type ${config.type} \\;${flags} }`
);
// Add initial elements if provided
@@ -154,10 +155,12 @@ export function buildIPSetMatchRule(
direction: 'input' | 'output' | 'forward';
matchField: 'saddr' | 'daddr';
action: 'accept' | 'drop' | 'reject';
comment?: string;
},
): string[] {
const comment = options.comment ? ` comment "${options.comment}"` : '';
return [
`nft add rule ${family} ${tableName} ${options.direction} ip ${options.matchField} @${options.setName} ${options.action}`
`nft add rule ${family} ${tableName} ${options.direction} ip ${options.matchField} @${options.setName}${comment} ${options.action}`
];
}