On Wednesday 09 March 2016 06:02 PM, Pablo Neira Ayuso wrote:
> On Wed, Mar 09, 2016 at 12:28:29PM +0530, FaTe wrote:
>> Added translation for the match multiport.
>>
>> Example :
>> $ iptables-translate -A INPUT -p tcp -m multiport --ports 3:4 -j ACCEPT
>> nft add rule ip filter INPUT ip protocol tcp dport { 3-4 } tcp sport { 3-4 }
>> counter accept
>>
>> $ iptables-translate -A INPUT -p tcp -m multiport --sports http,ssh,ftp -j
>> ACCEPT
>> nft add rule ip filter INPUT ip protocol tcp sport { 80,22,21 } counter accept
>>
>> $ iptables-translate -A INPUT -p tcp -m multiport --dports 1024:2048 -j ACCEPT
>> nft add rule ip filter INPUT ip protocol tcp dport { 1024-2048 } counter accept
>>
>> $ iptables-translate -A input -p tcp -m multiport --dports 1024:2048,2049:3333
>> -j ACCEPT
>> nft add rule ip filter input ip protocol tcp dport { 1024-2048,2049-3333 }
>> counter accept
>
> This translation is not correct as it's been discussed in a different
> thread.
>
I am unable to find that thread :( .
BTW i'm sending v2 for multiport translation which works correctly.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
