VantTech

Reputation: 143

Create Set or Vmap for DNAT Nftables

I'd like to know if someone has found a way to do this. I've been able to create a set for my DNAT rules with nftables; however, I haven't been able to achieve what I truly want. This is the set I have so far:

nft add map ip nat dnat_map '{ type ipv4_addr . inet_service : ipv4_addr ; }'

However, what I really want to achieve is something like this:

nft add map ip nat dnat_map '{ type ipv4_addr . inet_service : ipv4_addr . inet_service ; }'

But nftables really doesn't like that format, so has anyone been able to make a map that allows an element to have both the daddr and dport plus the DNAT daddr and port? Assuming, of course, that an element would look like this (yes, I need a different port on the DNAT address):

nft add element ip nat dnat_map '{ 1.1.1.1 . 2222 : 192.168.1.1 . 22 }'

Upvotes: 0

Views: 1422

Answers (1)

VantTech

Reputation: 143

In case someone else goes through this, I found the solution to my problem. In my case I have security through obscurity for RDP and SSH connections, so I just needed one port for Windows and another for Linux devices. The resulting rule was:

nft add rule ip nat prerouting iifname "$wan_iface" ip saddr @admin_ips tcp dport 2222 dnat to ip daddr map @wan_to_lan : tcp dport map '{ 2222 : 22 }'

Then my @wan_to_lan map was as follows:

nft add map ip nat wan_to_lan '{ type ipv4_addr : ipv4_addr ; }'
nft add element ip nat wan_to_lan '{ 1.1.1.1 : 192.168.1.x }'

The trick is, when setting the rule, you have to remember you can use one or multiple maps. The exception is the vmap, which already ends the rule with a verdict. I think the wiki helps but needs to be updated, as some of the syntax is no longer supported.

Upvotes: 0
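For readers who land here with a current nftables, the form the question originally asked for (one map whose data side is `ipv4_addr . inet_service`) is accepted by recent nftables releases and kernels; the two-map workaround in the answer above dates from when it was not. The ruleset below is an added example and is not the poster's configuration. It assumes a WAN interface named wan0, placeholder public addresses in 192.0.2.0/24 and 198.51.100.0/24 and admin source 203.0.113.10 (all RFC 5737 documentation ranges), and an nftables/kernel new enough to accept concatenated map data; on an older release the map definition is rejected at load time, which is the error the question describes. The security point worth keeping from the answer is the `admin_ips` source allowlist, not the nonstandard port: the port only moves scanner noise, the allowlist plus a default-drop forward chain is what actually limits who can reach SSH and RDP.

```nft
#!/usr/sbin/nft -f
# Added example ruleset (not from the original post). Apply with: nft -f thisfile
# Assumptions: WAN interface "wan0"; addresses below are placeholders from the
# RFC 5737 documentation ranges; nftables/kernel recent enough for concatenated
# map data (ipv4_addr . inet_service on the data side).

table ip nat {
    # Source addresses allowed to reach the forwarded admin ports at all.
    # This allowlist is the real access control; the odd ports are only noise reduction.
    set admin_ips {
        type ipv4_addr
        flags interval
        elements = { 203.0.113.10, 198.51.100.0/24 }
    }

    # Key: public address . public port  ->  Data: internal address . internal port.
    # One element per forwarded service, each with its own internal port.
    map dnat_map {
        type ipv4_addr . inet_service : ipv4_addr . inet_service
        elements = {
            192.0.2.1 . 2222 : 192.168.1.10 . 22,    # SSH to a Linux host
            192.0.2.1 . 3390 : 192.168.1.20 . 3389,  # RDP to a Windows host
            192.0.2.2 . 2222 : 192.168.1.11 . 22     # second public IP, same public port
        }
    }

    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Only allowlisted sources, only TCP, only the (daddr, dport) pairs in the map.
        # A packet whose daddr . dport is not an element simply does not match.
        iifname "wan0" ip saddr @admin_ips dnat to ip daddr . tcp dport map @dnat_map
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "wan0" masquerade
    }
}

table inet filter {
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # Admit only connections the DNAT rule above actually translated;
        # everything else crossing the router is dropped by the chain policy.
        ct status dnat accept
    }
}
```

Once loaded, `nft list map ip nat dnat_map` shows the elements, and new forwards can be added at runtime without touching the rule, for example `nft add element ip nat dnat_map '{ 192.0.2.1 . 8443 : 192.168.1.30 . 443 }'`. Because the map is keyed on the full `daddr . dport` pair, two public addresses can reuse the same public port for different internal hosts, which the single-port `tcp dport map { 2222 : 22 }` in the answer cannot express.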
