Diffstat (limited to 'extensions')
-rw-r--r-- | extensions/generic.txlate | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/extensions/generic.txlate b/extensions/generic.txlate
index b38fbd1f..c92d082a 100644
--- a/extensions/generic.txlate
+++ b/extensions/generic.txlate
@@ -18,3 +18,15 @@ nft add rule bridge filter FORWARD iifname != "iname" meta ibrname "ilogname" oi
 
 ebtables-translate -I INPUT -p ip -d 1:2:3:4:5:6/ff:ff:ff:ff:00:00
 nft insert rule bridge filter INPUT ether type 0x800 ether daddr 01:02:03:04:00:00 and ff:ff:ff:ff:00:00 == 01:02:03:04:00:00 counter
+
+# asterisk is not special in iptables and it is even a valid interface name
+iptables-translate -A FORWARD -i '*' -o 'eth*foo'
+nft add rule ip filter FORWARD iifname "\*" oifname "eth\*foo" counter
+
+# skip for always matching interface names
+iptables-translate -A FORWARD -i '+'
+nft add rule ip filter FORWARD counter
+
+# match against invalid interface name to simulate never matching rule
+iptables-translate -A FORWARD ! -i '+'
+nft add rule ip filter FORWARD iifname "INVAL/D" counter
|
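Review bot: The `+` wildcard cases cover only the input side (`-i '+'` and `! -i '+'`), while the asterisk case above them checks both `iifname` and `oifname`; adding the mirrored `-o '+'` and `! -o '+'` pairs would pin the output-interface path as well. This matters when auditing a migrated ruleset: per these expectations `-i '+'` drops the interface match entirely and `! -i '+'` becomes a rule that can never fire, so a regression on either side would silently widen or disable a rule. The last comment could also say why the placeholder works, e.g. `# "INVAL/D" can never match: '/' is not permitted in interface names`.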