On Wed, Jun 08, 2016 at 07:47:28PM +0200, Laura Garcia Liebana wrote:
> $ sudo iptables-translate -t filter -A INPUT -m frag --fragid 100:200 --fraglast -j ACCEPT
^^^^^^^^^^
> nft add rule ip6 filter INPUT frag id 100-200 frag more-fragments 1 counter accept
^^^^^^^^^^^^^^^^
> $ sudo iptables-translate -t filter -A INPUT -m frag --fragid 100:200 --fragfirst -j ACCEPT
> nft add rule ip6 filter INPUT frag id 100-200 frag frag-off 0 counter accept
>
> $ sudo iptables-translate -t filter -A INPUT -m frag --fraglast -j ACCEPT
^^^^^^^^^^
> nft add rule ip6 filter INPUT frag more-fragments 0 counter accept
^^^^^^^^^^^^^^^^
I'm going to mangle these inconsistencies in the patch description
given the code is fine (you probably just forgot to update the
patch description).
So applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
