Re: [PATCH 1/2 nf] netfilter: nft_queue: restrict queueing to supported families

On 26.06, Pablo Neira Ayuso wrote:
> We only support IPv4 and IPv6 at this moment.

That's not a restriction but just a module alias. If the module is
already loaded it will still be usable for any family.

Packets will of course simply get dropped by nf_queue(). If we
really want to restrict this, we'd also have to restrict queueing
verdict codes for other families.

> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> ---
>  net/netfilter/nft_queue.c |    3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/net/netfilter/nft_queue.c b/net/netfilter/nft_queue.c
> index 96805d2..45b9f7f 100644
> --- a/net/netfilter/nft_queue.c
> +++ b/net/netfilter/nft_queue.c
> @@ -129,4 +129,5 @@ module_exit(nft_queue_module_exit);
>  
>  MODULE_LICENSE("GPL");
>  MODULE_AUTHOR("Eric Leblond <eric@xxxxxxxxx>");
> -MODULE_ALIAS_NFT_EXPR("queue");
> +MODULE_ALIAS_NFT_AF_EXPR(AF_INET, "queue");
> +MODULE_ALIAS_NFT_AF_EXPR(AF_INET6, "queue");
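
Review bot: The two MODULE_ALIAS_NFT_AF_EXPR lines at the end of nft_queue.c are the only change, so nothing in this hunk enforces the restriction the subject line promises. Module aliases only decide which request strings trigger autoloading of the module; no visible code path rejects a "queue" expression for a family other than AF_INET or AF_INET6. Either add an explicit family check where the expression is set up and return an error for unsupported families, or reword the subject and changelog to say that this limits autoloading to AF_INET and AF_INET6. The one-line changelog should also state what happens to rules in other families.
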
> -- 
> 1.7.10.4
> 