diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-04-04 15:30:21 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-04-05 15:57:17 +0200 |
commit | 053566f71a28e9afc792d222a6fd7b55f7d8f4a0 (patch) | |
tree | 1b763931e110f2e10baba9a760c9ee668a707115 /tests/shell/testcases/optimizations/dumps | |
parent | f3b27274bfdb75dc29301bdd537ee6fec6d4e7c1 (diff) |
optimize: support for redirect and masquerade
The redirect and masquerade statements can be handled as verdicts:
- if redirect statement specifies no ports.
- masquerade statement, in any case.
Exceptions to the rule: If redirect statement specifies ports, then nat
map transformation can be used iif both statements specify ports.
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1668
Fixes: 0a6dbfce6dc3 ("optimize: merge nat rules with same selectors into map")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell/testcases/optimizations/dumps')
-rw-r--r-- | tests/shell/testcases/optimizations/dumps/merge_nat.nft | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/tests/shell/testcases/optimizations/dumps/merge_nat.nft b/tests/shell/testcases/optimizations/dumps/merge_nat.nft index dd17905d..48d18a67 100644 --- a/tests/shell/testcases/optimizations/dumps/merge_nat.nft +++ b/tests/shell/testcases/optimizations/dumps/merge_nat.nft @@ -8,6 +8,7 @@ table ip test2 { chain y { oif "lo" accept dnat ip to tcp dport map { 80 : 1.1.1.1 . 8001, 81 : 2.2.2.2 . 9001 } + ip saddr { 10.141.11.0/24, 10.141.13.0/24 } masquerade } } table ip test3 { @@ -15,12 +16,15 @@ table ip test3 { oif "lo" accept snat to ip saddr . tcp sport map { 1.1.1.1 . 1024-65535 : 3.3.3.3, 2.2.2.2 . 1024-65535 : 4.4.4.4 } oifname "enp2s0" snat ip to ip saddr map { 10.1.1.0/24 : 72.2.3.66-72.2.3.78 } + tcp dport { 8888, 9999 } redirect } } table ip test4 { chain y { oif "lo" accept dnat ip to ip daddr . tcp dport map { 1.1.1.1 . 80 : 4.4.4.4 . 8000, 2.2.2.2 . 81 : 3.3.3.3 . 9000 } + redirect to :tcp dport map { 83 : 8083, 84 : 8084 } + tcp dport 85 redirect } } table inet nat { |