diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-04-24 21:56:46 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-04-28 17:32:31 +0200 |
commit | 9599d9d25a6b383b72b119c709af33f6f6031786 (patch) | |
tree | 2ac2f19b9f5f55578ab6cebe25ebb35dea659492 /src/statement.c | |
parent | 2885cf2e65042b3dbc44fc232fd35840df255935 (diff) |
src: NAT support for intervals in maps
This patch allows you to specify an interval of IP address in maps.
table ip x {
chain y {
type nat hook postrouting priority srcnat; policy accept;
snat ip interval to ip saddr map { 10.141.11.4 : 192.168.2.2-192.168.2.4 }
}
}
The example above performs SNAT to packets that comes from 10.141.11.4
to an interval of IP addresses from 192.168.2.2 to 192.168.2.4 (both
included).
You can also combine this with dynamic maps:
table ip x {
map y {
type ipv4_addr : interval ipv4_addr
flags interval
elements = { 10.141.10.0/24 : 192.168.2.2-192.168.2.4 }
}
chain y {
type nat hook postrouting priority srcnat; policy accept;
snat ip interval to ip saddr map @y
}
}
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/statement.c')
-rw-r--r-- | src/statement.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/statement.c b/src/statement.c index 182edac8..5bbc0540 100644 --- a/src/statement.c +++ b/src/statement.c @@ -609,6 +609,8 @@ static void nat_stmt_print(const struct stmt *stmt, struct output_ctx *octx) if (stmt->nat.ipportmap) nft_print(octx, " addr . port"); + else if (stmt->nat.type_flags & STMT_NAT_F_INTERVAL) + nft_print(octx, " interval"); nft_print(octx, " to"); } |