On Wed, Mar 09, 2016 at 08:09:27PM +0530, Piyush Pangtey wrote:
> Added full translation for multiport.
>
> Examples :
> $ iptables-translate -A INPUT -p tcp -m multiport --ports 3:4 -j ACCEPT
> nft add rule ip filter INPUT ip protocol tcp tcp dport { 3-4 } tcp sport { 3-4 }
> counter accept
>
> $ iptables-translate -A input -p sctp -m multiport --dports 11:18 -j ACCEPT
> nft add rule ip filter input ip protocol sctp sctp dport { 11-18 } counter
> accept
>
> $ iptables-translate -A input -p dccp -m multiport --ports 11:18 -j ACCEPT
> nft add rule ip filter input ip protocol dccp dccp dport { 11-18 } dccp sport {
> 11-18 } counter accept
>
> $ ip6tables-translate -A input -p dccp -m multiport --ports 11:18 -j ACCEPT
> nft add rule ip6 filter input meta l4proto dccp dccp dport { 11-18 } dccp sport
> { 11-18 } counter accept
>
> Signed-off-by: Piyush Pangtey <gokuvsvegita@xxxxxxxxx>
> ---
> v2:
> Corrected the translations , as suggested by Arturo Borrero González
>
> extensions/libxt_multiport.c | 171 ++++++++++++++++++++++++++++++++++++++++++-
> 1 file changed, 170 insertions(+), 1 deletion(-)
>
> diff --git a/extensions/libxt_multiport.c b/extensions/libxt_multiport.c
> index 03af5a9..6358ffd 100644
> --- a/extensions/libxt_multiport.c
> +++ b/extensions/libxt_multiport.c
> @@ -18,6 +18,8 @@ enum {
> F_ANY = F_SOURCE_PORTS | F_DEST_PORTS | F_SD_PORTS,
> };
>
> +static const char *xlate_proto;
I don't like this global variable trick.
Please, use the ipt_ip and ip6t_ip information instead, which is will
be now available through this patch, so we pass information as
parameter to functions.
http://patchwork.ozlabs.org/patch/595128/
Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
