authorFlorian Westphal <fw@strlen.de>2017-03-14 20:12:30 +0100
committerFlorian Westphal <fw@strlen.de>2017-03-15 13:34:16 +0100
commitbd9445863cb7586dfc9bafa64013d8636f838444 (patch)
tree87f64357cb559564e4a1c43ce39f55899304d897 /files
parent97933e171acf870fd4e2296a87d8118e0f844aaf (diff)
files: provide 'raw' table equivalent
Useful for the 'ct zone set' statement: it has to be done before the conntrack lookup but preferably after the defragmentation hook. In iptables, the functionality resides in the CT target, which is restricted to the raw table. This provides the skeleton for nft. Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'files')
-rw-r--r--files/nftables/Makefile.am4
-rw-r--r--files/nftables/ipv4-raw6
-rw-r--r--files/nftables/ipv6-raw6
3 files changed, 15 insertions, 1 deletions
diff --git a/files/nftables/Makefile.am b/files/nftables/Makefile.am
index 1378e2b6..a4c7ac7c 100644
--- a/files/nftables/Makefile.am
+++ b/files/nftables/Makefile.am
@@ -5,9 +5,11 @@ dist_pkgsysconf_DATA = bridge-filter \
ipv4-filter \
ipv4-mangle \
ipv4-nat \
+ ipv4-raw \
ipv6-filter \
ipv6-mangle \
- ipv6-nat
+ ipv6-nat \
+ ipv6-raw
install-data-hook:
${SED} -i 's|@sbindir[@]|${sbindir}/|g' ${DESTDIR}${pkgsysconfdir}/*
diff --git a/files/nftables/ipv4-raw b/files/nftables/ipv4-raw
new file mode 100644
index 00000000..19773ee8
--- /dev/null
+++ b/files/nftables/ipv4-raw
@@ -0,0 +1,6 @@
+#! @sbindir@nft -f
+
+table raw {
+ chain prerouting { type filter hook prerouting priority -300; }
+ chain output { type filter hook output priority -300; }
+}
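Review bot: Both chains in `table raw` use the bare number `priority -300` with no comment saying why, although the hook ordering is the whole reason this file exists. I would add a line above the table such as `# priority -300: runs after defragmentation (-400) and before conntrack (-200)`, so that a later edit does not move the chains past the conntrack lookup, where a 'ct zone set' or `notrack` rule would no longer take effect. The same comment could say that rules placed here cannot match on `ct state`, because no conntrack entry has been attached to the packet yet. The same applies to `files/nftables/ipv6-raw`; separately, `table raw` relies on the default ip family while the IPv6 file spells out `table ip6 raw`, so `table ip raw` would read more symmetrically if the sibling skeleton files allow it.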
diff --git a/files/nftables/ipv6-raw b/files/nftables/ipv6-raw
new file mode 100644
index 00000000..5ee56a83
--- /dev/null
+++ b/files/nftables/ipv6-raw
@@ -0,0 +1,6 @@
+#! @sbindir@nft -f
+
+table ip6 raw {
+ chain prerouting { type filter hook prerouting priority -300; }
+ chain output { type filter hook output priority -300; }
+}