summaryrefslogtreecommitdiffstats
path: root/doc
diff options
context:
space:
mode:
authorFlorian Westphal <fw@strlen.de>2018-01-26 14:27:12 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2018-01-31 14:48:36 +0100
commitc38485441f4c153f28d2176e9ce17691244a3849 (patch)
treef2af73482976896f6de87445507dc28e96b44f46 /doc
parentff43c01bda0c9d469a00dfb251a5002a9947c1f0 (diff)
doc: dup and fwd statements
Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc')
-rw-r--r--doc/nft.xml80
1 files changed, 80 insertions, 0 deletions
diff --git a/doc/nft.xml b/doc/nft.xml
index 6a95ea68..d5b9c27c 100644
--- a/doc/nft.xml
+++ b/doc/nft.xml
@@ -5000,6 +5000,86 @@ add rule nat prerouting tcp dport 22 redirect to :2222
</table>
</para>
</refsect2>
+ <refsect2>
+ <title>Dup statement</title>
+ <para>
+ The dup statement is used to duplicate a packet and send the copy to a different destination.
+ </para>
+ <para>
+ <cmdsynopsis>
+ <command>dup</command>
+ <arg choice="none">to
+ <replaceable>device</replaceable></arg>
+ </cmdsynopsis>
+ <cmdsynopsis>
+ <command>dup</command>
+ <arg choice="none">to
+ <replaceable>address</replaceable>
+ <arg choice="none">device</arg>
+ <replaceable>device</replaceable></arg>
+ </cmdsynopsis>
+ </para>
+ <para>
+ <table frame="all">
+ <title>Dup statement values</title>
+ <tgroup cols='3' align='left' colsep='1' rowsep='1'>
+ <colspec colname='c1'/>
+ <colspec colname='c2'/>
+ <colspec colname='c3'/>
+ <thead>
+ <row>
+ <entry>Expression</entry>
+ <entry>Description</entry>
+ <entry>Type</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>address</entry>
+ <entry>Specifies that the copy of the packet should be sent to a new gateway.</entry>
+ <entry>ipv4_addr, ipv6_addr, eg. abcd::1234, or you can use a mapping, eg. ip saddr map { 192.168.1.2 : 10.1.1.1 }</entry>
+ </row>
+ <row>
+ <entry>device</entry>
+ <entry>Specifies that the copy should be transmitted via device.</entry>
+ <entry>string</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ </para>
+ <para>
+ <example>
+ <title>Using the dup statement</title>
+ <programlisting>
+# send to machine with ip address 10.2.3.4 on eth0
+ip filter forward dup to 10.2.3.4 device "eth0"
+
+# copy raw frame to another interface
+netdetv ingress dup to "eth0"
+dup to "eth0"
+
+# combine with map dst addr to gateways
+dup to ip daddr map { 192.168.7.1 : "eth0", 192.168.7.2 : "eth1" }
+ </programlisting>
+ </example>
+ </para>
+ </refsect2>
+ <refsect2>
+ <title>Fwd statement</title>
+ <para>
+ The fwd statement is used to redirect a raw packet to another interface. Its is only available in the netdev family ingress hook.
+ It is similar to the dup statement except that no copy is made.
+ </para>
+ <para>
+ <cmdsynopsis>
+ <command>fwd</command>
+ <arg choice="none">to
+ <replaceable>device</replaceable></arg>
+ </cmdsynopsis>
+ </para>
+ </refsect2>
+
</refsect1>
<refsect1>