Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | tests: py: remove duplicate payloads. | Jeremy Sowden | 2020-11-09 | 1 | -48/+0 |
| | | | | | | | | | nft-test.py only needs one payload per rule, but a number of rules have duplicates, typically one per address family, so just keep the last payload for rules listed more than once. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Florian Westphal <fw@strlen.de> | ||||
* | src: introduce SYNPROXY matching | Fernando Fernandez Mancera | 2019-07-17 | 1 | -0/+72 |
Add support for "synproxy" statement. For example (for TCP port 8888): table ip x { chain y { type filter hook prerouting priority raw; policy accept; tcp dport 8888 tcp flags syn notrack } chain z { type filter hook input priority filter; policy accept; tcp dport 8888 ct state invalid,untracked synproxy mss 1460 wscale 7 timestamp sack-perm ct state invalid drop } } Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |