maintain nftables sets for local subnets
localsubnetsetd maintains nftables sets for all subnets
directly attached to the current machine. The original use case for
localsubnetsetd was to give special access to traffic on an IPv6 subnet with an
unpredictable network number (as is common with prefix delegations from consumer
ISPs). More generally, localsubnetsetd allows you to treat local network traffic
specially without involving a border firewall.
localsubnetsetd is written in Python 3 and requires the nftables and pyroute2
libraries. On Debian, you want the python3, python3-nftables, andpython3-pyroute2 packages.
localsubnetsetd requires that local_subnets4 and local_subnets6 sets exist
in the inet filter table. Create them with
nft add set inet filter local_subnets4 { type ipv4_addr; flags interval; }nft add set inet filter local_subnets6 { type ipv6_addr; flags interval; }
This is not an official Google product.