diff options
author | Florian Westphal <fw@strlen.de> | 2018-04-18 00:09:05 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-04-19 10:18:18 +0200 |
commit | f38ed1e59f8d3b62e322563401cabc6dbac5fca5 (patch) | |
tree | cfeca465d8c624b0c2361e10703796d5e4967138 /extensions/libxt_tcp.txlate | |
parent | 71a6e372f82b6c50c14c8034a974f3ad5983314d (diff) |
xt-translate: quote interface names in translated output
it its good practice as interface names can be virtually any
identifier and could clash with nft keywords.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'extensions/libxt_tcp.txlate')
-rw-r--r-- | extensions/libxt_tcp.txlate | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/extensions/libxt_tcp.txlate b/extensions/libxt_tcp.txlate index db099037..ccec4362 100644 --- a/extensions/libxt_tcp.txlate +++ b/extensions/libxt_tcp.txlate @@ -1,8 +1,8 @@ iptables-translate -A INPUT -p tcp -i eth0 --sport 53 -j ACCEPT -nft add rule ip filter INPUT iifname eth0 tcp sport 53 counter accept +nft add rule ip filter INPUT iifname "eth0" tcp sport 53 counter accept iptables-translate -A OUTPUT -p tcp -o eth0 --dport 53:66 -j DROP -nft add rule ip filter OUTPUT oifname eth0 tcp dport 53-66 counter drop +nft add rule ip filter OUTPUT oifname "eth0" tcp dport 53-66 counter drop iptables-translate -I OUTPUT -p tcp -d 8.8.8.8 -j ACCEPT nft insert rule ip filter OUTPUT ip protocol tcp ip daddr 8.8.8.8 counter accept |