This repository has been archived by the owner on Jan 10, 2023. It is now read-only.
maintain nftables sets for local subnets

google/localsubnetsetd

localsubnetsetd

localsubnetsetd maintains nftables sets for all subnets directly attached to the current machine. The original use case for localsubnetsetd was to give special access to traffic on an IPv6 subnet with an unpredictable network number (as is common with prefix delegations from consumer ISPs). More generally, localsubnetsetd allows you to treat local network traffic specially without involving a border firewall.

Dependencies

localsubnetsetd is written in Python 3 and requires the nftables and pyroute2 libraries. On Debian, you want the python3, python3-nftables, and python3-pyroute2 packages.

Setup

localsubnetsetd requires that local_subnets4 and local_subnets6 sets exist in the inet filter table. Create them with

nft add set inet filter local_subnets4 '{ type ipv4_addr; flags interval; }'
nft add set inet filter local_subnets6 '{ type ipv6_addr; flags interval; }'
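
To illustrate what keeping these two sets current involves, the sketch below (an added example, not localsubnetsetd's own code) derives attached subnets from a constructed list of interface addresses and builds libnftables JSON commands that replace the contents of each set. The sample addresses, the function names, the choice to skip loopback and link-local addresses, and the flush-then-add update are all assumptions of this example.

```python
import ipaddress
import json

# Constructed sample: (interface, address/prefixlen) pairs of the kind a
# netlink address dump yields. Not taken from a real machine.
SAMPLE_ADDRS = [
    ("lo", "127.0.0.1/8"),
    ("lo", "::1/128"),
    ("eth0", "192.168.1.23/24"),
    ("eth0", "192.168.1.24/24"),            # second address, same subnet
    ("eth0", "2001:db8:1234:5600::1f/64"),  # delegated prefix (documentation range)
    ("eth0", "fe80::1c2d:3eff:fe4f:5a6b/64"),
    ("wlan0", "10.20.0.7/16"),
    ("wlan0", "10.20.30.1/24"),             # nested inside 10.20.0.0/16
]


def local_subnets(addrs):
    """Return (v4, v6) lists of attached networks, collapsed and sorted."""
    nets = {4: set(), 6: set()}
    for _ifname, cidr in addrs:
        iface = ipaddress.ip_interface(cidr)
        # Assumption of this example: loopback and link-local do not count
        # as "local subnets" that deserve special firewall treatment.
        if iface.ip.is_loopback or iface.ip.is_link_local:
            continue
        nets[iface.version].add(iface.network)
    # Interval sets store ranges, so merge duplicates and nested prefixes
    # before handing them to nftables.
    return tuple(list(ipaddress.collapse_addresses(nets[v])) for v in (4, 6))


def nft_payload(name, networks, family="inet", table="filter"):
    """Build libnftables JSON that replaces the contents of one set."""
    ref = {"family": family, "table": table, "name": name}
    cmds = [{"flush": {"set": ref}}]
    if networks:  # an "add element" command with no elements is invalid
        elems = [{"prefix": {"addr": str(n.network_address), "len": n.prefixlen}}
                 for n in networks]
        cmds.append({"add": {"element": {**ref, "elem": elems}}})
    return {"nftables": cmds}


if __name__ == "__main__":
    v4, v6 = local_subnets(SAMPLE_ADDRS)
    print(json.dumps(nft_payload("local_subnets4", v4), indent=2))
    print(json.dumps(nft_payload("local_subnets6", v6), indent=2))
```

On a host with the nftables Python library installed, each payload can be submitted with `nftables.Nftables().json_cmd(payload)`. Rules in the inet filter table can then match on `@local_subnets4` and `@local_subnets6`.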

This is not an official Google product.
