| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | extensions: hashlimit: Rename 'flow table' keyword to meter | shyam saini | 2018-01-29 | 1 | -2/+2 |
| | | | | | | | | | | | | | | | | | | | | | | | | | After nft v0.8.1 "flow table" is renamed as meter. This should reflect in iptables to nftables translation. Before this patch: $ iptables-translate -A INPUT -m tcp -p tcp --dport 80 -m hashlimit --hashlimit-above 200/sec --hashlimit-mode srcip,dstport --hashlimit-name http1 -j DROP nft add rule ip filter INPUT tcp dport 80 flow table http1 { tcp dport . ip saddr limit rate over 200/second } counter drop After this patch: $ iptables-translate -A INPUT -m tcp -p tcp --dport 80 -m hashlimit --hashlimit-upto 200 --hashlimit-mode srcip --hashlimit-name http3 --hashlimit-srcmask 24 -j DROP nft add rule ip filter INPUT tcp dport 80 meter http3 { ip saddr and 255.255.255.0 limit rate 200/second } counter drop Signed-off-by: shyam saini <mayhs11saini@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
| * | tests: add regression tests for xtables-translate | Pablo M. Bermudo Garay | 2017-04-07 | 1 | -0/+5 |
| This test suite is intended to detect regressions in the translation infrastructure. The script checks if ip[6]tables-translate produces the expected output, otherwise it prints the wrong translation and the expected one. ** Arguments --all # Show also passed tests [test] # Run only the specified test file ** Test files structure Test files are located under extensions directory. Every file contains tests about specific extension translations. A test file name must end with ".txlate". Inside the files, every single test is defined by two consecutive lines: ip[6]tables-translate command and expected result. One blank line is left between tests by convention. e.g. $ cat extensions/libxt_cpu.txlate iptables-translate -A INPUT -p tcp --dport 80 -m cpu --cpu 0 -j ACCEPT nft add rule ip filter INPUT tcp dport 80 cpu 0 counter accept iptables-translate -A INPUT -p tcp --dport 80 -m cpu ! --cpu 1 -j ACCEPT nft add rule ip filter INPUT tcp dport 80 cpu != 1 counter accept Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | |||||
 |
index : iptables | |
| iptables tree | pablo@netfilter.org |
| summaryrefslogtreecommitdiffstats |