summaryrefslogtreecommitdiffstats
path: root/extensions/libxt_conntrack.txlate
diff options
context:
space:
mode:
Diffstat (limited to 'extensions/libxt_conntrack.txlate')
-rw-r--r--extensions/libxt_conntrack.txlate8
1 files changed, 4 insertions, 4 deletions
diff --git a/extensions/libxt_conntrack.txlate b/extensions/libxt_conntrack.txlate
index 8cc7c504..45fba984 100644
--- a/extensions/libxt_conntrack.txlate
+++ b/extensions/libxt_conntrack.txlate
@@ -2,10 +2,10 @@ iptables-translate -t filter -A INPUT -m conntrack --ctstate NEW,RELATED -j ACCE
nft add rule ip filter INPUT ct state new,related counter accept
ip6tables-translate -t filter -A INPUT -m conntrack ! --ctstate NEW,RELATED -j ACCEPT
-nft add rule ip6 filter INPUT ct state & (new|related) == 0 counter accept
+nft add rule ip6 filter INPUT ct state ! new,related counter accept
ip6tables-translate -t filter -A INPUT -m conntrack ! --ctstate NEW -j ACCEPT
-nft add rule ip6 filter INPUT ct state & new == 0 counter accept
+nft add rule ip6 filter INPUT ct state ! new counter accept
iptables-translate -t filter -A INPUT -m conntrack --ctproto UDP -j ACCEPT
nft add rule ip filter INPUT ct original protocol 17 counter accept
@@ -35,10 +35,10 @@ iptables-translate -t filter -A INPUT -m conntrack --ctstatus EXPECTED -j ACCEPT
nft add rule ip filter INPUT ct status expected counter accept
iptables-translate -t filter -A INPUT -m conntrack ! --ctstatus CONFIRMED -j ACCEPT
-nft add rule ip filter INPUT ct status & confirmed == 0 counter accept
+nft add rule ip filter INPUT ct status ! confirmed counter accept
iptables-translate -t filter -A INPUT -m conntrack ! --ctstatus CONFIRMED,ASSURED -j ACCEPT
-nft add rule ip filter INPUT ct status & (assured|confirmed) == 0 counter accept
+nft add rule ip filter INPUT ct status ! assured,confirmed counter accept
iptables-translate -t filter -A INPUT -m conntrack --ctstatus CONFIRMED,ASSURED -j ACCEPT
nft add rule ip filter INPUT ct status assured,confirmed counter accept