Skip to content

Merge adjacent IP subnets into ranges for nftables #182

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
wojcik91 merged 5 commits into from
Aug 6, 2025
Merged

Merge adjacent IP subnets into ranges for nftables #182

wojcik91 merged 5 commits into from
Aug 6, 2025

Conversation

@t-aleksander
Copy link
Contributor

@t-aleksander t-aleksander commented Aug 4, 2025

wojcik91
wojcik91 previously approved these changes Aug 4, 2025
View reviewed changes
@wojcik91
merge adjacent subnets for nft (#185)
605041d 
* merge adjacent elements

* update new tests
@wojcik91 wojcik91 changed the title Restore merging of IPs into ranges Merge adjacent IP subnets into ranges for nftables Aug 5, 2025
@wojcik91
Copy link
Contributor

wojcik91 commented Aug 5, 2025

This mimics the behavior of nft CLI - if elements in a given address list are adjacent, they are converted into a range and merged.

For example [10.0.10.2/31, 10.0.10.4/31] is converted into 10.0.10.2-10.0.10.5.

This resolves the original issue with nftables. In the future we might also consider skipping subnet extraction for source addrs altogether, since it seems confusing.

@wojcik91 wojcik91 merged commit 4a6d87b into main Aug 6, 2025
1 check passed
@wojcik91 wojcik91 deleted the acl-patch branch August 6, 2025 07:55
wojcik91 added a commit that referenced this pull request Aug 6, 2025
@wojcik91 @t-aleksander
Merge adjacent IP subnets into ranges for nftables (#182) (#187)
fa0012e 
* restore merging of ips

* merge adjacent subnets for nft (#185)

* merge adjacent elements

* update new tests

* linter fixes

* linter fix

* review fixes

---------

Co-authored-by: Aleksander <[email protected]>
wojcik91 added a commit that referenced this pull request Sep 10, 2025
@wojcik91 @t-aleksander
pre release 1.5 cleanup (#206)
5d3549f 
* Merge adjacent IP subnets into ranges for nftables  (#182)

* restore merging of ips

* merge adjacent subnets for nft (#185)

* merge adjacent elements

* update new tests

* linter fixes

* linter fix

* review fixes

---------

Co-authored-by: Maciek <[email protected]>
Co-authored-by: Maciej Wójcik <[email protected]>
Co-authored-by: Maciej Wójcik <[email protected]>

* bump version (#188)

* update dependencies

* update protos

* update core dependency

---------

Co-authored-by: Aleksander <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@moubctez moubctez moubctez approved these changes

@wojcik91 wojcik91 wojcik91 left review comments

Assignees

@wojcik91 wojcik91

@t-aleksander t-aleksander

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

NFT rule source addresses don't seem to take into account the first address in a subnet

4 participants

@t-aleksander @wojcik91 @moubctez