summaryrefslogtreecommitdiffstats
path: root/extensions
diff options
context:
space:
mode:
authorFlorian Westphal <fw@strlen.de>2018-05-15 00:48:01 +0200
committerFlorian Westphal <fw@strlen.de>2018-05-15 22:33:06 +0200
commit5e2b473a64bc772a5fb08d121fbfd969ca652bec (patch)
tree9179109228fc9747eebba79368d70a7cf161760a /extensions
parent1a696c99d278ca3fe551d891d21459cac6382aab (diff)
xtables-compat: extend generic tests for masks and wildcards
This uncovered broken translation of ethernet + mask. Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'extensions')
-rw-r--r--extensions/generic.txlate15
1 files changed, 15 insertions, 0 deletions
diff --git a/extensions/generic.txlate b/extensions/generic.txlate
index 1140bb89..b38fbd1f 100644
--- a/extensions/generic.txlate
+++ b/extensions/generic.txlate
@@ -3,3 +3,18 @@ nft insert rule ip filter OUTPUT ip protocol udp ip daddr 8.8.8.8 counter accept
iptables-translate -F -t nat
nft flush table ip nat
+
+iptables-translate -I INPUT -i iifname -s 10.0.0.0/8
+nft insert rule ip filter INPUT iifname "iifname" ip saddr 10.0.0.0/8 counter
+
+iptables-translate -A INPUT -i iif+ ! -d 10.0.0.0/8
+nft add rule ip filter INPUT iifname "iif*" ip daddr != 10.0.0.0/8 counter
+
+ebtables-translate -I INPUT -i iname --logical-in ilogname -s 0:0:0:0:0:0
+nft insert rule bridge filter INPUT iifname "iname" meta ibrname "ilogname" ether saddr 00:00:00:00:00:00 counter
+
+ebtables-translate -A FORWARD ! -i iname --logical-in ilogname -o out+ --logical-out lout+ -d 1:2:3:4:de:af
+nft add rule bridge filter FORWARD iifname != "iname" meta ibrname "ilogname" oifname "out*" meta obrname "lout*" ether daddr 01:02:03:04:de:af counter
+
+ebtables-translate -I INPUT -p ip -d 1:2:3:4:5:6/ff:ff:ff:ff:00:00
+nft insert rule bridge filter INPUT ether type 0x800 ether daddr 01:02:03:04:00:00 and ff:ff:ff:ff:00:00 == 01:02:03:04:00:00 counter