diff options
| -rw-r--r-- | extensions/libxt_sctp.c | 6 | ||||
| -rw-r--r-- | extensions/libxt_sctp.txlate | 6 |
2 files changed, 10 insertions, 2 deletions
diff --git a/extensions/libxt_sctp.c b/extensions/libxt_sctp.c index e8312f0c..6b002402 100644 --- a/extensions/libxt_sctp.c +++ b/extensions/libxt_sctp.c @@ -535,8 +535,10 @@ static int sctp_xlate(struct xt_xlate *xl, const struct xt_sctp_info *einfo = (const struct xt_sctp_info *)params->match->data; - if (!einfo->flags) - return 0; + if (!einfo->flags) { + xt_xlate_add(xl, "meta l4proto sctp"); + return 1; + } if (einfo->flags & XT_SCTP_SRC_PORTS) { if (einfo->spts[0] != einfo->spts[1]) diff --git a/extensions/libxt_sctp.txlate b/extensions/libxt_sctp.txlate index 0aa7371d..67eb3279 100644 --- a/extensions/libxt_sctp.txlate +++ b/extensions/libxt_sctp.txlate @@ -1,3 +1,9 @@ +iptables-translate -A INPUT -m sctp -j DROP +nft 'add rule ip filter INPUT meta l4proto sctp counter drop' + +iptables-translate -A INPUT -p sctp -m sctp -j DROP +nft 'add rule ip filter INPUT meta l4proto sctp counter drop' + iptables-translate -A INPUT -p sctp --dport 80 -j DROP nft 'add rule ip filter INPUT sctp dport 80 counter drop' |