From 54370e1630e95755a6cfada95389bda34e8ffd83 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Fri, 7 Apr 2017 23:36:30 +0200 Subject: doc: revisit fib examples There are several typos there that may confuse users, fix them. Signed-off-by: Pablo Neira Ayuso --- doc/nft.xml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'doc') diff --git a/doc/nft.xml b/doc/nft.xml index 31c664d8..57cf5cf1 100644 --- a/doc/nft.xml +++ b/doc/nft.xml @@ -1561,7 +1561,7 @@ filter output ip6 daddr ::1 # match if route exists -filter input fib iif saddr exists +filter input fib daddr . iif oif exists # match only non-fragmented packets in IPv6 traffic filter input exthdr frag missing @@ -2147,13 +2147,13 @@ filter output oif eth0 Using fib expressions # drop packets without a reverse path -filter prerouting fib saddr . iif oif eq 0 drop +filter prerouting fib saddr . iif oif missing drop # drop packets to address not configured on ininterface -filter input fib daddr . iif type not { local, broadcast, multicast } drop +filter prerouting fib daddr . iif type != { local, broadcast, multicast } drop # perform lookup in a specific 'blackhole' table (0xdead, needs ip appropriate ip rule) -filter prerouting meta mark set 0xdead fib daddr . mark type vmap { backhole : drop, prohibit : jump prohibited, unreachable : drop } +filter prerouting meta mark set 0xdead fib daddr . mark type vmap { blackhole : drop, prohibit : jump prohibited, unreachable : drop } -- cgit v1.2.3