Diffstat (limited to 'extensions/libip6t_ah.txlate')
-rw-r--r-- | extensions/libip6t_ah.txlate | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/extensions/libip6t_ah.txlate b/extensions/libip6t_ah.txlate
new file mode 100644
index 00000000..c6b09a2e
--- /dev/null
+++ b/extensions/libip6t_ah.txlate
@@ -0,0 +1,17 @@
+ip6tables-translate -A INPUT -m ah --ahspi 500 -j DROP
+nft add rule ip6 filter INPUT ah spi 500 counter drop
+
+ip6tables-translate -A INPUT -m ah --ahspi 500:550 -j DROP
+nft add rule ip6 filter INPUT ah spi 500-550 counter drop
+
+ip6tables-translate -A INPUT -m ah ! --ahlen 120
+nft add rule ip6 filter INPUT ah hdrlength != 120 counter
+
+ip6tables-translate -A INPUT -m ah --ahres
+nft add rule ip6 filter INPUT ah reserved 1 counter
+
+ip6tables-translate -A INPUT -m ah --ahspi 500 ! --ahlen 120 -j DROP
+nft add rule ip6 filter INPUT ah spi 500 ah hdrlength != 120 counter drop
+
+ip6tables-translate -A INPUT -m ah --ahspi 500 --ahlen 120 --ahres -j ACCEPT
+nft add rule ip6 filter INPUT ah spi 500 ah hdrlength 120 ah reserved 1 counter accept |
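Review bot: The expected output for `--ahres` (`ah reserved 1`, in the fourth case and again in the final combined case) looks semantically inverted: ip6tables documents `--ahres` as matching when the AH reserved field is zero, whereas the nft expression matches a reserved value of 1, so the translated rule would not select the same packets. A similar question applies to `--ahlen 120` becoming `ah hdrlength 120`: the ip6tables option is documented as the total header length in octets, while nft's `hdrlength` appears to compare the raw header field, which is encoded in 4-octet units. Because this fixture pins the translator's output, both mappings should be confirmed against the ip6t_ah kernel match before they are locked in; if the reading above holds, the expectation would be `ah reserved 0` rather than `ah reserved 1`. A translation that changes match semantics without an error silently alters the firewall policy during an iptables-to-nftables migration, so a mismatch here is worth catching in the test data.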