Add translation of the ecn match to nftables.
Examples:
# iptables-translate -A INPUT -m ecn --ecn-ip-ect 0
nft add rule ip filter INPUT ip ecn not-ect counter
# iptables-translate -A INPUT -m ecn --ecn-ip-ect 1
nft add rule ip filter INPUT ip ecn ect1 counter
# iptables-translate -A INPUT -m ecn --ecn-ip-ect 2
nft add rule ip filter INPUT ip ecn ect0 counter
# iptables-translate -A INPUT -m ecn --ecn-ip-ect 3
nft add rule ip filter INPUT ip ecn ce counter
# iptables-translate -A INPUT -m ecn ! --ecn-ip-ect 0
nft add rule ip filter INPUT ip ecn != not-ect counter
# iptables-translate -A INPUT -m ecn ! --ecn-ip-ect 1
nft add rule ip filter INPUT ip ecn != ect1 counter
# iptables-translate -A INPUT -m ecn ! --ecn-ip-ect 2
nft add rule ip filter INPUT ip ecn != ect0 counter
# iptables-translate -A INPUT -m ecn ! --ecn-ip-ect 3
nft add rule ip filter INPUT ip ecn != ce counter
Signed-off-by: Roberto García <rodanber@gmail.com>
Reviewed-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>