|
|
A BPF compiler to convert tcpdump expressions to the decimal format
accepted by the libxt_bpf.
Generate a file and pass that to iptables:
nfbpf_compile RAW 'udp dst port 9000' > test.bpf
iptables -A OUTPUT -m bpf --bytecode-file test.bpf -j LOG
Or pass the output directly to iptables using backticks:
iptables -A INPUT -m bpf --bytecode \
"`./nfbpf_compile RAW 'udp dst port 9000'" -j LOG
This utility depends on libpcap. The library is only compiled if the option
--enable-bpf-compiler is explicitly passed to ./configure and libpcap is
found.
Pablo has mangled the original patch to rename the utility to
nfbpf_compile. Also modified the output to match exactly what
-m bpf --bytecode needs.
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
