diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-04-07 23:36:30 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-04-07 23:36:30 +0200 |
commit | 54370e1630e95755a6cfada95389bda34e8ffd83 (patch) | |
tree | f044d82bee325a28e872df9dcf07581ec460b240 | |
parent | 0ff9c79d6ae3205827e5af8b73c9195b967909c2 (diff) |
doc: revisit fib examples
There are several typos there that may confuse users, fix them.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | doc/nft.xml | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/doc/nft.xml b/doc/nft.xml index 31c664d8..57cf5cf1 100644 --- a/doc/nft.xml +++ b/doc/nft.xml @@ -1561,7 +1561,7 @@ filter output ip6 daddr ::1 </para> <programlisting> # match if route exists -filter input fib iif saddr exists +filter input fib daddr . iif oif exists # match only non-fragmented packets in IPv6 traffic filter input exthdr frag missing @@ -2147,13 +2147,13 @@ filter output oif eth0 <title>Using fib expressions</title> <programlisting> # drop packets without a reverse path -filter prerouting fib saddr . iif oif eq 0 drop +filter prerouting fib saddr . iif oif missing drop # drop packets to address not configured on ininterface -filter input fib daddr . iif type not { local, broadcast, multicast } drop +filter prerouting fib daddr . iif type != { local, broadcast, multicast } drop # perform lookup in a specific 'blackhole' table (0xdead, needs ip appropriate ip rule) -filter prerouting meta mark set 0xdead fib daddr . mark type vmap { backhole : drop, prohibit : jump prohibited, unreachable : drop } +filter prerouting meta mark set 0xdead fib daddr . mark type vmap { blackhole : drop, prohibit : jump prohibited, unreachable : drop } </programlisting> </example> </para> |