On Wed, Mar 02, 2016 at 12:48:26PM +0100, Pablo Neira Ayuso wrote:
> On Wed, Mar 02, 2016 at 02:10:56AM +0530, Shivani Bhardwaj wrote:
> > Add translation for sctp to nftables.
> > Full translation of this match awaits the support for --chunk-types
> > option.
>
> Please, keep this documented in the wiki too so we remember there is a
> partial translation for this.
>
> > Examples:
> >
> > $ sudo iptables-translate -A INPUT -p sctp --dport 80 -j DROP
> > nft add rule ip filter INPUT sctp dport 80 counter drop
> >
> > $ sudo iptables-translate -A INPUT -p sctp ! --sport 80:100 -j ACCEPT
> > nft add rule ip filter INPUT sctp sport != 80-100 counter accept
>
> Applied, thanks Shivani.
Sorry, I have to keep this back.
This crazy thing seems to be valid:
iptables -I INPUT -p sctp -m sctp
and this will be translated as:
nft add rule filter INPUT ip protocol sctp sctp
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
