| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | extensions: libxt_ipcomp: Add translation to nft | Laura Garcia Liebana | 2016-06-01 | 1 | -0/+13 |
| | | | | | | | | | | | | | | | | | | | Add translation of ipcomp to nftables. First value of the parameter 'ipcompspi' will be translated to 'cpi' parameter in nftables. Parameter 'compres' is not supported in nftables. Examples: $ sudo iptables-translate -t filter -A INPUT -m ipcomp --ipcompspi 0x12 -j ACCEPT nft add rule ip filter INPUT comp cpi 18 counter accept $ sudo iptables-translate -t filter -A INPUT -m ipcomp ! --ipcompspi 0x12 -j ACCEPT nft add rule ip filter INPUT comp cpi != 18 counter accept Signed-off-by: Laura Garcia Liebana <nevola@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
| * | iptables: Add IPv4/6 IPcomp match support | fan.du | 2013-12-24 | 1 | -0/+116 |
| This patch enables user to set iptables ACTIONs for IPcomp flow specified by its SPI value. For example: iptables -A OUTPUT -p 108 -m ipcomp --ipcompspi 0x12 -j DROP ip6tables -A OUTPUT -p 108 -m ipcomp --ipcompspi 0x12 -j DROP IPcomp packet with spi as 0x12 will be dropped. Signed-off-by: Fan Du <fan.du@windriver.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | |||||
 |
index : iptables | |
| iptables tree | pablo@netfilter.org |
| summaryrefslogtreecommitdiffstats |