blob: f2a28ebdd5317ce475c29287c7755c099e012000 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
:input;type filter hook input priority 0
:ingress;type filter hook ingress device lo priority 0
*inet;test-inet;input
*bridge;test-bridge;input
*netdev;test-netdev;ingress
# must not remove ip dependency -- ONLY ipv4 packets should be matched
ip protocol tcp tcp dport 22;ok;ip protocol 6 tcp dport 22
# can remove it here, ip protocol is implied via saddr.
ip protocol tcp ip saddr 1.2.3.4 tcp dport 22;ok;ip saddr 1.2.3.4 tcp dport 22
# but not here.
ip protocol tcp counter ip saddr 1.2.3.4 tcp dport 22;ok;ip protocol 6 counter ip saddr 1.2.3.4 tcp dport 22
# or here.
ip protocol tcp counter tcp dport 22;ok;ip protocol 6 counter tcp dport 22
ether type ip tcp dport 22;ok
|