On Fri, Mar 11, 2016 at 05:06:04PM +0530, Piyush Pangtey wrote:
> Added full translation for multiport
>
> Examples :
> $ iptables-translate -A input -p tcp -m multiport --ports ssh:http -j ACCEPT
> nft add rule ip filter input ip protocol tcp tcp dport { ssh - http } tcp sport
> { ssh - http } counter accept
You can translate this as:
nft add rule ip filter input ip protocol tcp tcp dport ssh-http ...
without the brackets.
The brackets have special semantics, they mean that the kernel will
use the set infrastructure to define the range. However, we don't need
a set for this small range since we support ranges natively.
Please, fix and resubmit, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
