от —
Обсуждение тут
—
для интерфейса
#!/bin/sh
TABLE="inet zapret"
CHAIN="postrouting_hook"
IN_INTERFACE="eth1.10"
MARK_MASK="0x40000000"
if nft list table $TABLE >/dev/null 2>&1 && nft list chain $TABLE $CHAIN >/dev/null 2>&1; then
nft insert rule $TABLE $CHAIN index 0 \
iifname $IN_INTERFACE meta mark set meta mark or $MARK_MASK 2>/dev/null
fiдля ip
#!/bin/sh
TABLE="inet zapret"
CHAIN="postrouting_hook"
EXCEPT_SRC='{192.168.X.X, 192.168.X.X}'
MARK_MASK="0x40000000"
if nft list table $TABLE >/dev/null 2>&1 && nft list chain $TABLE $CHAIN >/dev/null 2>&1; then
nft insert rule $TABLE $CHAIN index 0 \
ip saddr $EXCEPT_SRC meta mark set meta mark or $MARK_MASK 2>/dev/null
fi