Diffstat (limited to 'extensions/libxt_socket.txlate')
-rw-r--r-- | extensions/libxt_socket.txlate | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/extensions/libxt_socket.txlate b/extensions/libxt_socket.txlate
new file mode 100644
index 00000000..7731e42e
--- /dev/null
+++ b/extensions/libxt_socket.txlate
@@ -0,0 +1,17 @@
+# old socket match, no options. Matches if sk can be found and it is not bound to 0.0.0.0/::
+iptables-translate -A INPUT -m socket
+nft 'add rule ip filter INPUT socket wildcard 0 counter'
+
+iptables-translate -A INPUT -m socket --transparent
+nft 'add rule ip filter INPUT socket wildcard 0 socket transparent 1 counter'
+
+# Matches if sk can be found. Doesn't matter as to what addess it is bound to.
+# therefore, emulate "exists".
+iptables-translate -A INPUT -m socket --nowildcard
+nft 'add rule ip filter INPUT socket wildcard le 1 counter'
+
+iptables-translate -A INPUT -m socket --restore-skmark
+nft 'add rule ip filter INPUT socket wildcard 0 meta mark set socket mark counter'
+
+iptables-translate -A INPUT -m socket --transparent --nowildcard --restore-skmark
+nft 'add rule ip filter INPUT socket transparent 1 meta mark set socket mark counter'
|
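Review bot: The cases do not cover `--nowildcard` combined with `--restore-skmark` without `--transparent`, which is the one combination where the emulated "exists" check is the only thing guarding the mark restore. In the last case the socket lookup is implied by `socket transparent 1`, so dropping `socket wildcard le 1` there is fine, but without it a translation that emitted only `meta mark set socket mark` would no longer require a socket to be found. Following the pattern of the other cases, I would add `iptables-translate -A INPUT -m socket --nowildcard --restore-skmark` with the expected output presumably `nft 'add rule ip filter INPUT socket wildcard le 1 meta mark set socket mark counter'`; please confirm this against the translator. The comment above the `--nowildcard` case also has a typo, `addess` should be `address`.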