From 0800d9b46b377bc24f15af2c6ae22550b954b6e2 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Thu, 23 Aug 2018 17:43:29 +0200
Subject: ip6tables-translate: Fix libip6t_mh.txlate test

Layer 4 protocol name "mobility-header" is not known by nft, so it's
neither printed nor accepted on input. Hence fix the test instead of
code.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 extensions/libip6t_mh.txlate | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'extensions')

diff --git a/extensions/libip6t_mh.txlate b/extensions/libip6t_mh.txlate
index f5d638c0..ccc07c3d 100644
--- a/extensions/libip6t_mh.txlate
+++ b/extensions/libip6t_mh.txlate
@@ -1,5 +1,5 @@
 ip6tables-translate -A INPUT -p mh --mh-type 1 -j ACCEPT
-nft add rule ip6 filter INPUT meta l4proto mobility-header mh type 1 counter accept
+nft add rule ip6 filter INPUT meta l4proto 135 mh type 1 counter accept
 
 ip6tables-translate -A INPUT -p mh --mh-type 1:3 -j ACCEPT
-nft add rule ip6 filter INPUT meta l4proto mobility-header mh type 1-3 counter accept
+nft add rule ip6 filter INPUT meta l4proto 135 mh type 1-3 counter accept
-- 
cgit v1.2.3