Re: [iptables PATCH] extensions: libxt_addrtype: Add translation to nft

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Mar 08, 2017 at 02:06:14AM +0100, Phil Sutter wrote:
> Translate addrtype match into fib expression:
> 
> $ iptables-translate -A INPUT -m addrtype --src-type LOCAL
> nft add rule ip filter INPUT fib saddr type local counter
> 
> $ iptables-translate -A INPUT -m addrtype --dst-type LOCAL
> nft add rule ip filter INPUT fib daddr type local counter
> 
> $ iptables-translate -A INPUT -m addrtype ! --dst-type ANYCAST,LOCAL
> nft add rule ip filter INPUT fib daddr type != { local, anycast } counter
> 
> $ iptables-translate -A INPUT -m addrtype --limit-iface-in --dst-type ANYCAST,LOCAL
> nft add rule ip filter INPUT fib daddr . iif type { local, anycast } counter

Applied, thanks Phil.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux