path: root/extensions/libxt_socket.txlate
blob: 7731e42eabf78da18180f611720e53e8a3c79125 (plain)
# Translation cases for the xt_socket match: each pair below is an
# iptables-translate invocation followed by the nft rule shown as its translation.
#
# Old socket match, no options.  Matches if a socket (sk) can be found for the
# packet and that socket is not bound to the wildcard address (0.0.0.0/::).
# nft expresses the "not wildcard-bound" part as "socket wildcard 0".
iptables-translate -A INPUT -m socket
nft 'add rule ip filter INPUT socket wildcard 0 counter'

# --transparent: additionally require the socket's transparent flag
# (IP_TRANSPARENT) to be set.  The wildcard 0 test from the default case is kept.
iptables-translate -A INPUT -m socket --transparent
nft 'add rule ip filter INPUT socket wildcard 0 socket transparent 1 counter'

# --nowildcard: matches if a socket can be found, no matter what address it is
# bound to.  nft has no bare "socket exists" test here, so it is emulated:
# "wildcard le 1" accepts both wildcard values (0 and 1).
# NOTE(review): this is the widest form of the match, since sockets listening
# on 0.0.0.0/:: are included; confirm that is intended where a rule like this
# is used to steer or accept traffic.
iptables-translate -A INPUT -m socket --nowildcard
nft 'add rule ip filter INPUT socket wildcard le 1 counter'

# --restore-skmark: copy the matched socket's mark onto the packet
# ("meta mark set socket mark").  The default wildcard 0 restriction still applies.
iptables-translate -A INPUT -m socket --restore-skmark
nft 'add rule ip filter INPUT socket wildcard 0 meta mark set socket mark counter'

# All three options together.  No wildcard expression appears in the translation;
# presumably "socket transparent 1" already implies that a socket was found, so
# no separate existence test is needed (confirm against the translator source).
iptables-translate -A INPUT -m socket --transparent --nowildcard --restore-skmark
nft 'add rule ip filter INPUT socket transparent 1 meta mark set socket mark counter'