diff options
author | Liping Zhang <liping.zhang@spreadtrum.com> | 2016-08-28 16:50:47 +0800 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-08-30 11:55:52 +0200 |
commit | 89391ea5e3afbb5bb84c137c1f78e8c64b07a954 (patch) | |
tree | 865201b302b7c75f972b52dc25ec281cccc09a9e | |
parent | 1d3f29d61b24ae1a41ef9acd3fcbe658a8892b9c (diff) |
extensions: libip[6]t_SNAT/DNAT: use the new nft syntax when do xlate
After commit "src: add 'to' for snat and dnat" in nftables tree,
we should recommend the end user to use the new syntax.
Before this patch:
# iptables-translate -t nat -A POSTROUTING -j SNAT --to-source 1.1.1.1
nft add rule ip nat POSTROUTING counter snat 1.1.1.1
# ip6tables-translate -t nat -A PREROUTING -j DNAT --to-destination
2001::1
nft add rule ip6 nat PREROUTING counter dnat 2001::1
Apply this patch:
# iptables-translate -t nat -A POSTROUTING -j SNAT --to-source 1.1.1.1
nft add rule ip nat POSTROUTING counter snat to 1.1.1.1
# ip6tables-translate -t nat -A PREROUTING -j DNAT --to-destination
2001::1
nft add rule ip6 nat PREROUTING counter dnat to 2001::1
Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | extensions/libip6t_DNAT.c | 2 | ||||
-rw-r--r-- | extensions/libip6t_SNAT.c | 2 | ||||
-rw-r--r-- | extensions/libipt_DNAT.c | 2 | ||||
-rw-r--r-- | extensions/libipt_SNAT.c | 2 |
4 files changed, 4 insertions, 4 deletions
diff --git a/extensions/libip6t_DNAT.c b/extensions/libip6t_DNAT.c index 3925c3bb..97a8b1cb 100644 --- a/extensions/libip6t_DNAT.c +++ b/extensions/libip6t_DNAT.c @@ -259,7 +259,7 @@ static int DNAT_xlate(struct xt_xlate *xl, bool sep_need = false; const char *sep = " "; - xt_xlate_add(xl, "dnat "); + xt_xlate_add(xl, "dnat to "); print_range_xlate(range, xl); if (range->flags & NF_NAT_RANGE_PROTO_RANDOM) { xt_xlate_add(xl, " random"); diff --git a/extensions/libip6t_SNAT.c b/extensions/libip6t_SNAT.c index 4d742ea8..c3d8190d 100644 --- a/extensions/libip6t_SNAT.c +++ b/extensions/libip6t_SNAT.c @@ -269,7 +269,7 @@ static int SNAT_xlate(struct xt_xlate *xl, bool sep_need = false; const char *sep = " "; - xt_xlate_add(xl, "snat "); + xt_xlate_add(xl, "snat to "); print_range_xlate(range, xl); if (range->flags & NF_NAT_RANGE_PROTO_RANDOM) { xt_xlate_add(xl, " random"); diff --git a/extensions/libipt_DNAT.c b/extensions/libipt_DNAT.c index 78907198..a14d16f7 100644 --- a/extensions/libipt_DNAT.c +++ b/extensions/libipt_DNAT.c @@ -271,7 +271,7 @@ static int DNAT_xlate(struct xt_xlate *xl, const char *sep = " "; for (i = 0; i < info->mr.rangesize; i++) { - xt_xlate_add(xl, "dnat "); + xt_xlate_add(xl, "dnat to "); print_range_xlate(&info->mr.range[i], xl); if (info->mr.range[i].flags & NF_NAT_RANGE_PROTO_RANDOM) { xt_xlate_add(xl, " random"); diff --git a/extensions/libipt_SNAT.c b/extensions/libipt_SNAT.c index 5c699d32..e92d811c 100644 --- a/extensions/libipt_SNAT.c +++ b/extensions/libipt_SNAT.c @@ -282,7 +282,7 @@ static int SNAT_xlate(struct xt_xlate *xl, const char *sep = " "; for (i = 0; i < info->mr.rangesize; i++) { - xt_xlate_add(xl, "snat "); + xt_xlate_add(xl, "snat to "); print_range_xlate(&info->mr.range[i], xl); if (info->mr.range[i].flags & NF_NAT_RANGE_PROTO_RANDOM) { xt_xlate_add(xl, " random"); |