I want to open a range of TCP ports in nftables on my servers.
Normally, in netfilter/iptables I can write the rule like this:
iptables -A INPUT -p tcp --dport 1000:2000 -j ACCEPT
I tried to write it the same way in /etc/nftables.conf:
tcp dport {1000:2000} accept
but nft reports:
/etc/nftables.conf:24:15-24: Error: mapping outside of map context
tcp dport {1000:2000} accept
^^^^^^^^^^
A simple dash without braces should do the trick:
tcp dport 1000-2000 accept
More examples of ranges and sets can be found in the official wiki (wiki.nftables.org, "Intervals").
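An added example, not part of the original answer: a minimal /etc/nftables.conf showing the three places a port range can appear (a bare range in a rule, an anonymous set, and a named set). The table, chain and set names, and every port other than 1000-2000, are constructed for illustration. The file can be syntax-checked without loading it using nft -c -f /etc/nftables.conf.

```nftables
#!/usr/sbin/nft -f
# Constructed example. Loading it replaces the whole running ruleset.
flush ruleset

table inet filter {
    # Named set: ranges are only allowed when the set has "flags interval".
    set app_udp_ports {
        type inet_service
        flags interval
        elements = { 1000-2000, 5000 }
    }

    chain input {
        type filter hook input priority 0; policy drop;

        # Keep replies and loopback working under the drop policy.
        ct state established,related accept
        iif "lo" accept

        # Management access (constructed port; adjust before loading remotely).
        tcp dport 22 accept

        # A single range: dash, no braces. This is the rule from the answer.
        tcp dport 1000-2000 accept

        # Braces create an anonymous set; ranges inside still use a dash.
        # A colon inside braces is map syntax (key : value), which is what
        # triggers "mapping outside of map context".
        tcp dport { 3000-3010, 8080 } accept

        # Reference to the named interval set defined above.
        udp dport @app_udp_ports accept
    }
}
```

Because the input chain's policy is drop, any port not matched by one of these rules stays closed, so a range should be only as wide as the services behind it.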