From 77c8997c20e5b93a56299850ec1ce4216f8f8b3f Mon Sep 17 00:00:00 2001 From: Benjamin Barenblat Date: Mon, 19 Apr 2021 14:19:51 -0400 Subject: localsubnetsetd, a daemon to track the local subnet for nftables --- README.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 README.md (limited to 'README.md') diff --git a/README.md b/README.md new file mode 100644 index 0000000..b102c94 --- /dev/null +++ b/README.md @@ -0,0 +1,26 @@ +# localsubnetsetd + +localsubnetsetd maintains [nftables](https://nftables.org/) sets for all subnets +directly attached to the current machine. The original use case for +localsubnetsetd was to give special access to traffic on an IPv6 subnet with an +unpredictable network number (as is common with prefix delegations from consumer +ISPs). More generally, localsubnetsetd allows you to treat local network traffic +specially without involving a border firewall. + +## Dependencies + +localsubnetsetd is written in Python 3 and requires the nftables and pyroute2 +libraries. On Debian, you want the `python3`, `python3-nftables`, and +`python3-pyroute2` packages. + +## Setup + +localsubnetsetd requires that `local_subnets4` and `local_subnets6` sets exist +in the `inet filter` table. Create them with + + nft add set inet filter local_subnets4 { type ipv4_addr; flags interval; } + nft add set inet filter local_subnets6 { type ipv6_addr; flags interval; } + +--- + +This is not an official Google product. -- cgit v1.2.3
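Review bot: In the Setup section, the two `nft add set` commands will not work as written when pasted into a POSIX shell, because the unquoted `;` inside the braces ends the command at `type ipv4_addr`. Suggest quoting the set definition, for example `nft add set inet filter local_subnets4 '{ type ipv4_addr; flags interval; }'` and the same for `local_subnets6`, or showing the declarations in nftables ruleset-file syntax instead. The section also assumes the `inet filter` table already exists and does not mention that sets created this way are lost when the ruleset is flushed or the machine reboots; a sentence on adding the set declarations to the persistent ruleset would keep a reader from ending up with a daemon that has no sets to populate. Since the README's stated purpose is to give local traffic special access, one example rule that references `@local_subnets6` would also help readers scope that access narrowly rather than guessing at the match syntax.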