| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
# nft add table arp x
# nft add chain arp x y { type filter hook input priority 0\; }
# nft add rule arp x y arp saddr ip 192.168.2.1 counter
Testing this:
# ip neigh flush dev eth0
# ping 8.8.8.8
# nft list ruleset
table arp x {
chain y {
type filter hook input priority filter; policy accept;
arp saddr ip 192.168.2.1 counter packets 1 bytes 46
}
}
You can also specify hardware sender address, eg.
# nft add rule arp x y arp saddr ether aa:bb:cc:aa:bb:cc drop counter
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Segment Routing Header "SRH" is new type of IPv6 Routing extension
header (type 4).
SRH contains a list of segments (each is represented as an IPv6 address)
to be visited by packets during the journey from source to destination.
The SRH specification are defined in the below IETF SRH draft.
https://tools.ietf.org/html/draft-ietf-6man-segment-routing-header-07
Signed-off-by: Ahmed Abdelsalam <amsalam20@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
# nft describe dccp type
payload expression, datatype dccp_pkttype (DCCP packet type) (basetype integer), 4 bits
pre-defined symbolic constants:
request 0x0
response 0x1
data 0x2
ack 0x3
dataack 0x4
closereq 0x5
close 0x6
reset 0x7
sync 0x8
syncack 0x9
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
| |
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
