diff options
author | Phil Sutter <phil@nwl.cc> | 2018-08-23 17:43:29 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-08-24 10:05:51 +0200 |
commit | 0800d9b46b377bc24f15af2c6ae22550b954b6e2 (patch) | |
tree | 24c3418a47ee262e9a05be318965de0a4effdf66 /extensions | |
parent | 4cf650c4276540a8405e53b3f29d759c080465b5 (diff) |
ip6tables-translate: Fix libip6t_mh.txlate test
Layer 4 protocol name "mobility-header" is not known by nft, so it's
neither printed nor accepted on input. Hence fix the test instead of
code.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions')
-rw-r--r-- | extensions/libip6t_mh.txlate | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/extensions/libip6t_mh.txlate b/extensions/libip6t_mh.txlate index f5d638c0..ccc07c3d 100644 --- a/extensions/libip6t_mh.txlate +++ b/extensions/libip6t_mh.txlate @@ -1,5 +1,5 @@ ip6tables-translate -A INPUT -p mh --mh-type 1 -j ACCEPT -nft add rule ip6 filter INPUT meta l4proto mobility-header mh type 1 counter accept +nft add rule ip6 filter INPUT meta l4proto 135 mh type 1 counter accept ip6tables-translate -A INPUT -p mh --mh-type 1:3 -j ACCEPT -nft add rule ip6 filter INPUT meta l4proto mobility-header mh type 1-3 counter accept +nft add rule ip6 filter INPUT meta l4proto 135 mh type 1-3 counter accept |