diff options
author | Florian Westphal <fw@strlen.de> | 2018-02-18 09:49:16 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-02-26 00:03:54 +0100 |
commit | 147a891f8ca48f1f0c932ac304810d68780c90c2 (patch) | |
tree | e1fa45e6e7db6a3f23a8f6033659717df6c271f3 /extensions/libxt_ecn.txlate | |
parent | ed928a8302aa7a531987ff8120950c44bfcab700 (diff) |
extenstions: ecn: add tcp ecn/cwr translation
nft can match tcp flags, so add ece/cwr translation.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'extensions/libxt_ecn.txlate')
-rw-r--r-- | extensions/libxt_ecn.txlate | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/extensions/libxt_ecn.txlate b/extensions/libxt_ecn.txlate index 9e3bd310..f012f128 100644 --- a/extensions/libxt_ecn.txlate +++ b/extensions/libxt_ecn.txlate @@ -21,3 +21,9 @@ nft add rule ip filter INPUT ip ecn != ect0 counter iptables-translate -A INPUT -m ecn ! --ecn-ip-ect 3 nft add rule ip filter INPUT ip ecn != ce counter + +iptables-translate -A INPUT -m ecn ! --ecn-tcp-ece +nft add rule ip filter INPUT tcp flags != ecn counter + +iptables-translate -A INPUT -m ecn --ecn-tcp-cwr +nft add rule ip filter INPUT tcp flags cwr counter |