iptables - iptables tree

diff options

author	Liping Zhang <liping.zhang@spreadtrum.com>	2016-10-07 19:08:51 +0800
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2016-10-14 18:59:35 +0200
commit	129ed57b8e050e8e57deeefc2ed36ec979265d8a (patch)
tree	026db10e09ee8100358a5c6aff9486cf1e36dd97 /COMMIT_NOTES
parent	837ca1e34893c67d8e195a4132d1517cb7d4bb11 (diff)

extensions: libxt_iprange: handle the invert flag properly in translation

If we specify the invert flag, we should put "!=" after "ip saddr/daddr", so the current translation is wrong: # iptables-translate -A OUTPUT -m iprange ! --dst-range 1.1.1.1-1.1.1.2 nft add rule ip filter OUTPUT != ip daddr 1.1.1.1-1.1.1.2 counter # ip6tables-translate -A OUTPUT -m iprange ! --src-range 2003::1-2003::3 nft add rule ip6 filter OUTPUT != ip6 saddr 2003::1-2003::3 counter Apply this patch: # iptables-translate -A OUTPUT -m iprange ! --dst-range 1.1.1.1-1.1.1.2 nft add rule ip filter OUTPUT ip daddr != 1.1.1.1-1.1.1.2 counter # ip6tables-translate -A OUTPUT -m iprange ! --src-range 2003::1-2003::3 nft add rule ip6 filter OUTPUT ip6 saddr != 2003::1-2003::3 counter Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'COMMIT_NOTES')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: