rpthms / nft-geo-filter

Allow/deny traffic in nftables using country specific IP blocks
MIT License
98 stars, 24 forks

Make possible to use cybercrime blocklists #26

Closed andrey-utkin closed 2 years ago

andrey-utkin commented 2 years ago

This is obviously out of scope for nft-geo-filter project, but the interface and the codebase are so good it makes so much sense. Alternatives are hard to find. FireHOL uses iptables and their datasets don't have IPv6 entries. firewalld introduces its own file formats which is extra complexity. https://github.com/akurov/nftables-firehol has no IPv6. https://github.com/kubax/blocklist-with-nftables has good scope but has limiting factors of social kind: not actively maintained, not well-known, Perl popularity is in decline.

Examples of use:

    nft-geo-filter --table-family netdev --interface eth0 --provider blocklist.de all

    nft-geo-filter --table-family netdev --interface eth0 --provider iplists.firehol.org --no-ipv6 firehol_level1

(`--no-ipv6` is needed for the second one, otherwise it fails to insert an empty IPv6 list)
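The failure mode mentioned above (a provider feed with no IPv6 entries producing an empty set that nft refuses) is the detail worth handling when a feed is turned into a netdev ruleset. The following is an added example, not code from nft-geo-filter or from this PR: it parses a constructed sample blocklist in the common one-address-or-CIDR-per-line text form, splits the entries by address family, and renders an nft script that only declares a set and its drop rule for a family that actually has elements. The table name `filter`, set names `block4`/`block6` and the interface name are assumptions.

```python
import ipaddress

# Constructed sample feed (not a real provider's data): one IPv4/IPv6 address
# or CIDR per line, '#' starts a comment, malformed lines are ignored.
SAMPLE_BLOCKLIST = """\
# constructed sample blocklist
192.0.2.0/24
198.51.100.7   # single host, becomes a /32
2001:db8::/32
this-is-not-an-address
"""


def parse_blocklist(text):
    """Return (ipv4_networks, ipv6_networks) parsed from a plain-text feed."""
    v4, v6 = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            continue  # skip lines that are not addresses or CIDRs
        (v4 if net.version == 4 else v6).append(net)
    return v4, v6


def render_nft_ruleset(v4, v6, interface="eth0", table="filter", include_ipv6=True):
    """Render an nft script for a netdev table with one interval set per family.

    A family with no elements gets neither a set nor a rule: the PR above reports
    that inserting an empty IPv6 list fails, and a rule referencing a set that was
    never created would fail as well, so both are skipped together.
    """
    families = [("block4", "ipv4_addr", "ip", v4)]
    if include_ipv6:
        families.append(("block6", "ipv6_addr", "ip6", v6))

    lines = [f"table netdev {table} {{"]
    rules = []
    for set_name, set_type, proto, nets in families:
        if not nets:
            continue  # no elements: do not emit an empty set
        elems = ", ".join(str(n) for n in nets)
        lines += [
            f"    set {set_name} {{",
            f"        type {set_type}",
            "        flags interval",
            f"        elements = {{ {elems} }}",
            "    }",
        ]
        rules.append(f"        {proto} saddr @{set_name} drop")

    lines.append("    chain ingress {")
    lines.append(f"        type filter hook ingress device {interface} priority 0; policy accept;")
    lines += rules
    lines.append("    }")
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    v4, v6 = parse_blocklist(SAMPLE_BLOCKLIST)
    # Simulate a feed with no IPv6 entries: block6 must not appear at all.
    print(render_nft_ruleset(v4, [], interface="eth0"))
```

The output is meant to be fed to `nft -f -`; rendering the whole table in one script rather than issuing per-element `nft add element` calls keeps the load atomic, so a half-applied blocklist never sits on the interface.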

andrey-utkin commented 2 years ago

Hi @rpthms , I'd like to thank you for publishing and maintaining your fine program. Don't worry if you want to decline this patch. It's not going to be a problem for me, as I can keep using my patch on my own, or settle with something more suitable. I do this patch submission to share my finding that your tool accommodates this extra use case very well. Probably it'd be wrong to call this use case "unanticipated" - I guess you could think of it or even be asked to add it before.

rpthms commented 2 years ago

Hey @andrey-utkin, thanks for the PR.

You're right that adding these extra IP blocklist providers might be a bit out of scope for this script, since there are no country-specific lists being provided by them. I want this script to remain focused on filtering countries, so unfortunately I don't think I can merge this patch.

Sorry about this. I'm glad that the script is working out for you.