diff options
| author | Laura Garcia Liebana <nevola@gmail.com> | 2016-03-07 22:22:55 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-03-08 11:47:00 +0100 |
| commit | fcc183744956780cb88dca4d242b9a0f243434e4 (patch) | |
| tree | 94610c8e28243b61bd58482d7104d6c1662777f1 /extensions/libipt_MASQUERADE.c | |
| parent | 9dbb616c2f0c3f7f452acc502e3b623d1b8c36b8 (diff) | |
extensions: libip6t_icmp6: Add translation to nft
Add translation for icmpv6 to nftables.
Not supported icmp codes in nftables are: no-route,
communication-prohibited, beyond-scope, address-unreachable,
port-unreachable, failed-policy, reject-route, ttl-zero-during-transit,
ttl-zero-during-reassembly, bad-header, unknown-header-type and
unknown-option.
Examples:
$ ip6tables-translate -t filter -A INPUT -m icmp6 --icmpv6-type 1 -j LOG
nft add rule ip6 filter INPUT icmpv6 type destination-unreachable counter log level warn
$ ip6tables-translate -t filter -A INPUT -m icmp6 --icmpv6-type neighbour-advertisement -j LOG
nft add rule ip6 filter INPUT icmpv6 type nd-neighbor-advert counter log level warn
$ ip6tables-translate -t filter -A INPUT -m icmp6 ! --icmpv6-type packet-too-big -j LOG
nft add rule ip6 filter INPUT icmpv6 type != packet-too-big counter log level warn
Signed-off-by: Laura Garcia Liebana <nevola@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions/libipt_MASQUERADE.c')
0 files changed, 0 insertions, 0 deletions