Diffstat (limited to 'extensions/generic.txlate')
-rw-r--r-- | extensions/generic.txlate | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/extensions/generic.txlate b/extensions/generic.txlate
index b79239f1..9ad1266d 100644
--- a/extensions/generic.txlate
+++ b/extensions/generic.txlate
@@ -64,6 +64,36 @@ nft 'insert rule ip6 filter INPUT counter'
 ip6tables-translate -I INPUT ! -s ::/0
 nft 'insert rule ip6 filter INPUT ip6 saddr != ::/0 counter'
 
+iptables-translate -A FORWARD -p 132
+nft 'add rule ip filter FORWARD ip protocol sctp counter'
+
+ip6tables-translate -A FORWARD -p 132
+nft 'add rule ip6 filter FORWARD meta l4proto sctp counter'
+
+iptables-translate -A FORWARD ! -p 132
+nft 'add rule ip filter FORWARD ip protocol != sctp counter'
+
+ip6tables-translate -A FORWARD ! -p 132
+nft 'add rule ip6 filter FORWARD meta l4proto != sctp counter'
+
+iptables-translate -A FORWARD -p 141
+nft 'add rule ip filter FORWARD ip protocol 141 counter'
+
+ip6tables-translate -A FORWARD -p 141
+nft 'add rule ip6 filter FORWARD meta l4proto 141 counter'
+
+iptables-translate -A FORWARD ! -p 141
+nft 'add rule ip filter FORWARD ip protocol != 141 counter'
+
+ip6tables-translate -A FORWARD ! -p 141
+nft 'add rule ip6 filter FORWARD meta l4proto != 141 counter'
+
+iptables-translate -A FORWARD -m tcp --dport 22 -p tcp
+nft 'add rule ip filter FORWARD tcp dport 22 counter'
+
+ip6tables-translate -A FORWARD -m tcp --dport 22 -p tcp
+nft 'add rule ip6 filter FORWARD tcp dport 22 counter'
+
 ebtables-translate -I INPUT -i iname --logical-in ilogname -s 0:0:0:0:0:0
 nft 'insert rule bridge filter INPUT iifname "iname" meta ibrname "ilogname" ether saddr 00:00:00:00:00:00 counter' |
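Review bot: The four `-p 141` cases expect the bare number in the output (`ip protocol 141`, `meta l4proto 141`), which holds only while nothing in the translation path resolves 141 to a name. IANA assigns 141 to WESP, so if the lookup consults the host's protocol database at any point (not visible from this hunk), the expected text could differ between machines. A value from the experimental range such as `-p 253` would pin the numeric fallback without that dependency. The last two cases appear to cover `-m tcp` given before `-p tcp`, but the file does not say so; the commit message should state that intent, because these expectations define which traffic a migrated ruleset actually matches.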