diff options
author | Arturo Borrero <arturo.borrero.glez@gmail.com> | 2014-10-03 14:46:41 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-10-09 14:09:28 +0200 |
commit | fc53d1b6b93d9ca194334c43931753e19bcb127b (patch) | |
tree | 170218b0e392d7e123748d15396739ca05bb74e6 /src/netlink_linearize.c | |
parent | 5fdd0b6a0600e66f9ff6d9a1d6b749aa68a3ba99 (diff) |
src: add nat persistent and random options
This patch adds more configuration options to the nat expression.
The syntax is as follow:
% nft add rule nat postrouting <snat|dnat> <nat_arguments> [flags]
Flags are: random, persistent, random-fully.
Example:
% nft add rule nat postrouting dnat 1.1.1.1 random,persistent
A requirement is to cache some [recent] copies of kernel headers.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink_linearize.c')
-rw-r--r-- | src/netlink_linearize.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c index 29f8e9ae..895cfa99 100644 --- a/src/netlink_linearize.c +++ b/src/netlink_linearize.c @@ -634,6 +634,9 @@ static void netlink_gen_nat_stmt(struct netlink_linearize_ctx *ctx, family = nft_rule_attr_get_u32(ctx->nlr, NFT_RULE_ATTR_FAMILY); nft_rule_expr_set_u32(nle, NFT_EXPR_NAT_FAMILY, family); + if (stmt->nat.flags != 0) + nft_rule_expr_set_u32(nle, NFT_EXPR_NAT_FLAGS, stmt->nat.flags); + if (stmt->nat.addr) { amin_reg = get_register(ctx); registers++; |