author | Phil Sutter <phil@nwl.cc> | 2021-05-04 16:03:24 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2021-05-19 09:53:14 +0200 |
commit | a61282ec6a1697bfb40f19d13a28a74559050167 (patch) | |
tree | 65121dad3f628c0719d9c811b8ca63eda45d4f1d /extensions/libxt_sctp.txlate | |
parent | 556f704458cdb509d395ddb7d2629987d60e762e (diff) |
extensions: sctp: Fix nftables translation
If both sport and dport were present, incorrect nft syntax was generated.
Fixes: defc7bd2bac89 ("extensions: libxt_sctp: Add translation to nft")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'extensions/libxt_sctp.txlate')
-rw-r--r-- | extensions/libxt_sctp.txlate | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/extensions/libxt_sctp.txlate b/extensions/libxt_sctp.txlate index 72f4641a..0d6c59e1 100644 --- a/extensions/libxt_sctp.txlate +++ b/extensions/libxt_sctp.txlate @@ -23,16 +23,16 @@ iptables-translate -A INPUT -p sctp ! --dport 50:56 -j ACCEPT nft add rule ip filter INPUT sctp dport != 50-56 counter accept iptables-translate -A INPUT -p sctp --dport 80 --sport 50 -j ACCEPT -nft add rule ip filter INPUT sctp sport 50 dport 80 counter accept +nft add rule ip filter INPUT sctp sport 50 sctp dport 80 counter accept iptables-translate -A INPUT -p sctp --dport 80:100 --sport 50 -j ACCEPT -nft add rule ip filter INPUT sctp sport 50 dport 80-100 counter accept +nft add rule ip filter INPUT sctp sport 50 sctp dport 80-100 counter accept iptables-translate -A INPUT -p sctp --dport 80 --sport 50:55 -j ACCEPT -nft add rule ip filter INPUT sctp sport 50-55 dport 80 counter accept +nft add rule ip filter INPUT sctp sport 50-55 sctp dport 80 counter accept iptables-translate -A INPUT -p sctp ! --dport 80:100 --sport 50 -j ACCEPT -nft add rule ip filter INPUT sctp sport 50 dport != 80-100 counter accept +nft add rule ip filter INPUT sctp sport 50 sctp dport != 80-100 counter accept iptables-translate -A INPUT -p sctp --dport 80 ! --sport 50:55 -j ACCEPT -nft add rule ip filter INPUT sctp sport != 50-55 dport 80 counter accept +nft add rule ip filter INPUT sctp sport != 50-55 sctp dport 80 counter accept |
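Review bot: none of the cases visible in this hunk negates both ports at once (`! --sport` together with `! --dport`), so the repeated `sctp` prefix is only checked where at most one side carries `!=`. Consider adding a case such as `iptables-translate -A INPUT -p sctp ! --dport 80:100 ! --sport 50:55 -j ACCEPT`, expecting `sctp sport != 50-55 sctp dport != 80-100` in the translated rule. The commit message would also benefit from one line stating that each port match needs its own `sctp` keyword, since the hunk only shows the expected output changing and not why the old form was rejected.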