blob: a4ced2c4a7a495d79d0ca9305fb709813e1a4eea (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
|
<rule family="ip" table="filter" chain="INPUT" handle="25">
<rule_flags>0</rule_flags>
<expr type="meta">
<dreg>1</dreg>
<key>iifname</key>
</expr>
<expr type="cmp">
<sreg>1</sreg>
<op>eq</op>
<cmpdata>
<data_reg type="value">
<len>16</len>
<data0>0x00000000</data0>
<data1>0x00000000</data1>
<data2>0x65000000</data2>
<data3>0x00306874</data3>
</data_reg>
</cmpdata>
</expr>
<expr type="payload">
<dreg>1</dreg>
<offset>9</offset>
<len>1</len>
<base>network</base>
</expr>
<expr type="cmp">
<sreg>1</sreg>
<op>eq</op>
<cmpdata>
<data_reg type="value">
<len>1</len>
<data0>0x00000006</data0>
</data_reg>
</cmpdata>
</expr>
<expr type="payload">
<dreg>1</dreg>
<offset>2</offset>
<len>2</len>
<base>transport</base>
</expr>
<expr type="cmp">
<sreg>1</sreg>
<op>eq</op>
<cmpdata>
<data_reg type="value">
<len>2</len>
<data0>0x00001600</data0>
</data_reg>
</cmpdata>
</expr>
<expr type="ct">
<dreg>1</dreg>
<key>state</key>
<dir>0</dir>
</expr>
<expr type="bitwise">
<sreg>1</sreg>
<dreg>1</dreg>
<len>4</len>
<mask>
<data_reg type="value">
<len>4</len>
<data0>0x0000000a</data0>
</data_reg>
</mask>
<xor>
<data_reg type="value">
<len>4</len>
<data0>0x00000000</data0>
</data_reg>
</xor>
</expr>
<expr type="cmp">
<sreg>1</sreg>
<op>neq</op>
<cmpdata>
<data_reg type="value">
<len>4</len>
<data0>0x00000000</data0>
</data_reg>
</cmpdata>
</expr>
<expr type="counter">
<pkts>0</pkts>
<bytes>0</bytes>
</expr>
<expr type="log">
<prefix>testprefix</prefix>
<group>1</group>
<snaplen>0</snaplen>
<qthreshold>0</qthreshold>
</expr>
</rule>
<!-- nft add rule filter INPUT meta iifname "eth0" tcp dport 22 ct state new,established counter log prefix testprefix group 1 -->
|