Re: [PATCH] extensions: libxt_connmark: Add translation to nft

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> · Tue, 22 Dec 2015 17:47:39 +0100



On Tue, Dec 22, 2015 at 04:25:47PM +0530, Shivani Bhardwaj wrote:
> Add translation for connmark to nftables.
> 
> Examples:
> 
> $ sudo iptables-translate -A INPUT -m connmark --mark 1
> nft add rule ip filter INPUT ct mark 0x1 counter
> 
> $ sudo iptables-translate -A INPUT -m connmark --mark 10/10 -j ACCEPT
> nft add rule ip filter INPUT ct mark and 0xa == 0xa counter accept
> 
> $ sudo  sudo iptables-translate -t mangle -A PREROUTING -p tcp --dport 40 -m connmark --mark 0x40
> nft add rule ip mangle PREROUTING tcp dport 40 ct mark 0x40 counter

Please, fix the -m connmark ! --mark 10/10 case.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html