Add --nftset option, like --ipset but for the newer nftables.v2.87test2

Thanks to Chen Zhenge for the original patch, which I've reworked. Any bugs down to SRK.
author: Simon Kelley <simon@thekelleys.org.uk> 2021-09-27 21:31:20 +0100
committer: Simon Kelley <simon@thekelleys.org.uk> 2021-09-27 21:49:28 +0100
commit: 47aefca5e405b4b6627ef952fdc42e61b1baa770 (patch)
tree: 853a36100c922de403e543fa779bb1ce58c7ab2e /dnsmasq.conf.example
parent: 981fb037102306a4ca683f14c8469db4d5e27233 (diff)
download: dnsmasq-47aefca5e405b4b6627ef952fdc42e61b1baa770.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/dnsmasq.conf.example b/dnsmasq.conf.example
index bf19424..2047630 100644
--- a/dnsmasq.conf.example
+++ b/dnsmasq.conf.example
@@ -85,6 +85,16 @@
 # subdomains to the vpn and search ipsets:
 #ipset=/yahoo.com/google.com/vpn,search
 
+# Add the IPs of all queries to yahoo.com, google.com, and their
+# subdomains to netfilters sets, which is equivalent to
+# 'nft add element ip test vpn { ... }; nft add element ip test search { ... }'
+#nftset=/yahoo.com/google.com/ip#test#vpn,ip#test#search
+
+# Use netfilters sets for both IPv4 and IPv6:
+# This adds all addresses in *.yahoo.com to vpn4 and vpn6 for IPv4 and IPv6 addresses.
+#nftset=/yahoo.com/4#ip#test#vpn4
+#nftset=/yahoo.com/6#ip#test#vpn6
+
 # You can control how dnsmasq talks to a server: this forces
 # queries to 10.1.2.3 to be routed via eth1
 # server=10.1.2.3@eth1
author	Simon Kelley <simon@thekelleys.org.uk>	2021-09-27 21:31:20 +0100
committer	Simon Kelley <simon@thekelleys.org.uk>	2021-09-27 21:49:28 +0100
commit	47aefca5e405b4b6627ef952fdc42e61b1baa770 (patch)
tree	853a36100c922de403e543fa779bb1ce58c7ab2e /dnsmasq.conf.example
parent	981fb037102306a4ca683f14c8469db4d5e27233 (diff)
download	dnsmasq-47aefca5e405b4b6627ef952fdc42e61b1baa770.tar.gz