author: Giuseppe Longo <giuseppelng@gmail.com> 2013-09-09 12:54:04 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2013-12-30 23:50:46 +0100
commit: 84909d171585d77fe769f03e2b1b96eab0aa0213
tree: 1627c75d71025b18b6d7a94ee504617146b02419 /etc/xtables.conf
parent: 67da6075a4e7ced0e8cc452d73ce8ab06cbf8cd9
xtables: bootstrap ARP compatibility layer for nftables
This patch bootstraps ARP support for the compatibility layer:

1) copy original arptables code into xtables-arp.c
2) adapt it to fit into the existing nft infrastructure.
3) add the builtin table/chains for ARP.
4) add necessary parts so xtables-multi can provide xtables-arp.
5) add basic support for rule addition (-A), insertion (-I) and listing (-L).

[ This was originally posted in a series of patches with interdependencies that I have collapsed to leave the repository in consistent state. This patch includes the following changes I made:

* Rename from xtables-arptables to xtables-arp, previous name too long.
* Remove nft-arptables.c, now we have one single nft-arp.c file. Moved specific ARP functions to nft.c. Those should go away at some point as some refactorization should allow to accommodate those functions to the existing infrastructure.
* Fix --opcode Request/Reply, so we can do something useful with this like dropping ARP request/replies.

--pablo ]

Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'etc/xtables.conf')
-rw-r--r-- etc/xtables.conf 8
1 files changed, 8 insertions, 0 deletions
diff --git a/etc/xtables.conf b/etc/xtables.conf
index 7b2b8e5f..d37b0d7c 100644
--- a/etc/xtables.conf
+++ b/etc/xtables.conf
@@ -65,3 +65,11 @@ family ipv6 {
chain OUTPUT hook NF_INET_LOCAL_OUT prio 50
}
}
+
+family arp {
+ table filter {
+ chain INPUT hook NF_ARP_IN prio 0
+ chain FORWARD hook NF_ARP_FORWARD prio 0
+ chain OUTPUT hook NF_ARP_OUT prio 0
+ }
+} \ No newline at end of file
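Review bot: The closing brace of the new "family arp" block is left as the last byte of etc/xtables.conf, as the "\ No newline at end of file" marker on that line shows; terminate the file with a newline so the next family block appended here does not also rewrite this line in its diff. Also, the three ARP chains (INPUT, FORWARD, OUTPUT) are all registered at prio 0 while the context line just above registers an ipv6 OUTPUT chain at prio 50, and neither the hunk nor the commit message says why 0 was chosen for ARP; a short comment in the file or a sentence in the commit message stating the intended ordering for the NF_ARP_IN, NF_ARP_FORWARD and NF_ARP_OUT hooks would make the choice reviewable.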