Hello Pablo,
I would require some guidance regarding the libxt_multiport translation in nft.
If the translation is over ip4 family :
$ iptables-translate -A INPUT -p tcp -m multiport --ports 3:4 -j ACCEPT
nft add rule ip filter INPUT ip protocol tcp dport { 3-4 } tcp sport { 3-4 } counter accept
^^^^^^^^^^^
this causes problem.
Similarly for ipv6 :
$ ip6tables-translate -A input -p tcp -m multiport --dports 1024:2048,2049:3333 -j ACCEPT
nft add rule ip6 filter input meta l4proto tcp dport { 1024-2048,2049-3333 } counter accept
^^^^^^^^^^^^
this is causing problem.
both the strings "ip protocol" and "meta l4proto" is not introduced by libxt_multiport.
And in the absence of both , the command works.
For example ,
$ nft add rule ip filter INPUT tcp dport { 3-4 } tcp sport { 3-4 } counter accept
$ nft add rule ip6 filter input tcp dport { 1024-2048,2049-3333 } counter accept
Any comment regarding this behaviour ?
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
