diff options
Diffstat (limited to 'extensions/libip6t_mh.txlate')
-rw-r--r-- | extensions/libip6t_mh.txlate | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/extensions/libip6t_mh.txlate b/extensions/libip6t_mh.txlate index f5d638c0..13b4ba88 100644 --- a/extensions/libip6t_mh.txlate +++ b/extensions/libip6t_mh.txlate @@ -1,5 +1,14 @@ ip6tables-translate -A INPUT -p mh --mh-type 1 -j ACCEPT -nft add rule ip6 filter INPUT meta l4proto mobility-header mh type 1 counter accept +nft 'add rule ip6 filter INPUT mh type 1 counter accept' ip6tables-translate -A INPUT -p mh --mh-type 1:3 -j ACCEPT -nft add rule ip6 filter INPUT meta l4proto mobility-header mh type 1-3 counter accept +nft 'add rule ip6 filter INPUT mh type 1-3 counter accept' + +ip6tables-translate -A INPUT -p mh --mh-type 0:255 -j ACCEPT +nft 'add rule ip6 filter INPUT exthdr mh exists counter accept' + +ip6tables-translate -A INPUT -m mh --mh-type 0:255 -j ACCEPT +nft 'add rule ip6 filter INPUT exthdr mh exists counter accept' + +ip6tables-translate -A INPUT -p mh ! --mh-type 0:255 -j ACCEPT +nft 'add rule ip6 filter INPUT mh type != 0-255 counter accept' |