blob: 646b0ca50207721d10cf1679a5cff6662685cf8b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
|
:input;type filter hook input priority 0
:ingress;type filter hook ingress device lo priority 0
:egress;type filter hook egress device lo priority 0
*ip;test-ip;input
*netdev;test-netdev;ingress,egress
# can remove ip dependency -- its redundant in ip family
ip protocol tcp tcp dport 22;ok;tcp dport 22
# but not here
ip protocol tcp meta mark set 1 tcp dport 22;ok;ip protocol 6 meta mark set 0x00000001 tcp dport 22
|