diff options
Diffstat (limited to 'extensions/libip6t_rt.txlate')
-rw-r--r-- | extensions/libip6t_rt.txlate | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/extensions/libip6t_rt.txlate b/extensions/libip6t_rt.txlate new file mode 100644 index 00000000..6464cf9e --- /dev/null +++ b/extensions/libip6t_rt.txlate @@ -0,0 +1,14 @@ +ip6tables-translate -A INPUT -m rt --rt-type 0 -j DROP +nft add rule ip6 filter INPUT rt type 0 counter drop + +ip6tables-translate -A INPUT -m rt ! --rt-len 22 -j DROP +nft add rule ip6 filter INPUT rt hdrlength != 22 counter drop + +ip6tables-translate -A INPUT -m rt --rt-segsleft 26 -j ACCEPT +nft add rule ip6 filter INPUT rt seg-left 26 counter accept + +ip6tables-translate -A INPUT -m rt --rt-type 0 --rt-len 22 -j DROP +nft add rule ip6 filter INPUT rt type 0 rt hdrlength 22 counter drop + +ip6tables-translate -A INPUT -m rt --rt-type 0 --rt-len 22 ! --rt-segsleft 26 -j ACCEPT +nft add rule ip6 filter INPUT rt type 0 rt seg-left != 26 rt hdrlength 22 counter accept |