diff options
author | Shivani Bhardwaj <shivanib134@gmail.com> | 2015-12-23 20:03:33 +0530 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-02-16 19:30:23 +0100 |
commit | bdbf63b95176e6d7e7f968c9cb25d58d84fc729e (patch) | |
tree | bd0e52dfc921c53704652bec9dc3c151a4c6f825 /extensions/libip6t_LOG.c | |
parent | b9a46ee40616582b4fca4aa395d52d048c7dbba8 (diff) |
extensions: libxt_connmark: Add translation to nft
Add translation for connmark to nftables.
Examples:
$ sudo iptables-translate -A INPUT -m connmark --mark 2 -j ACCEPT
nft add rule ip filter INPUT ct mark 0x2 counter accept
$ sudo iptables-translate -A INPUT -m connmark ! --mark 2 -j ACCEPT
nft add rule ip filter INPUT ct mark != 0x2 counter accept
$ sudo iptables-translate -A INPUT -m connmark --mark 10/10 -j ACCEPT
nft add rule ip filter INPUT ct mark and 0xa == 0xa counter accept
$ sudo iptables-translate -A INPUT -m connmark ! --mark 10/10 -j ACCEPT
nft add rule ip filter INPUT ct mark and 0xa != 0xa counter accept
$ sudo iptables-translate -t mangle -A PREROUTING -p tcp --dport 40 -m
connmark --mark 0x40
nft add rule ip mangle PREROUTING tcp dport 40 ct mark 0x40 counter
Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions/libip6t_LOG.c')
0 files changed, 0 insertions, 0 deletions