diff options
Diffstat (limited to 'extensions')
-rw-r--r-- | extensions/generic.txlate | 6 | ||||
-rw-r--r-- | extensions/libarpt_mangle.txlate | 6 |
2 files changed, 12 insertions, 0 deletions
diff --git a/extensions/generic.txlate b/extensions/generic.txlate index c24ed156..b79239f1 100644 --- a/extensions/generic.txlate +++ b/extensions/generic.txlate @@ -1,3 +1,9 @@ +arptables-translate -A OUTPUT --proto-type ipv4 -s 1.2.3.4 -j ACCEPT +nft 'add rule arp filter OUTPUT arp htype 1 arp hlen 6 arp plen 4 arp ptype 0x800 arp saddr ip 1.2.3.4 counter accept' + +arptables-translate -I OUTPUT -o oifname +nft 'insert rule arp filter OUTPUT oifname "oifname" arp htype 1 arp hlen 6 arp plen 4 counter' + iptables-translate -I OUTPUT -p udp -d 8.8.8.8 -j ACCEPT nft 'insert rule ip filter OUTPUT ip protocol udp ip daddr 8.8.8.8 counter accept' diff --git a/extensions/libarpt_mangle.txlate b/extensions/libarpt_mangle.txlate new file mode 100644 index 00000000..e884d328 --- /dev/null +++ b/extensions/libarpt_mangle.txlate @@ -0,0 +1,6 @@ +arptables-translate -A OUTPUT -d 10.21.22.129 -j mangle --mangle-ip-s 10.21.22.161 +nft 'add rule arp filter OUTPUT arp htype 1 arp hlen 6 arp plen 4 arp daddr ip 10.21.22.129 counter arp saddr ip set 10.21.22.161 accept' +arptables-translate -A OUTPUT -d 10.2.22.129/24 -j mangle --mangle-ip-d 10.2.22.1 --mangle-target CONTINUE +nft 'add rule arp filter OUTPUT arp htype 1 arp hlen 6 arp plen 4 arp daddr ip 10.2.22.0/24 counter arp daddr ip set 10.2.22.1' +arptables-translate -A OUTPUT -d 10.2.22.129/24 -j mangle --mangle-ip-d 10.2.22.1 --mangle-mac-d a:b:c:d:e:f +nft 'add rule arp filter OUTPUT arp htype 1 arp hlen 6 arp plen 4 arp daddr ip 10.2.22.0/24 counter arp daddr ip set 10.2.22.1 arp daddr ether set 0a:0b:0c:0d:0e:0f accept' |