Layer 4 protocol name "mobility-header" is not known by nft, so it's neither printed nor accepted on input. Hence fix the test instead of code. Signed-off-by: Phil Sutter <phil@xxxxxx> --- extensions/libip6t_mh.txlate | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/extensions/libip6t_mh.txlate b/extensions/libip6t_mh.txlate index f5d638c09ca8a..ccc07c3d5ecb1 100644 --- a/extensions/libip6t_mh.txlate +++ b/extensions/libip6t_mh.txlate @@ -1,5 +1,5 @@ ip6tables-translate -A INPUT -p mh --mh-type 1 -j ACCEPT -nft add rule ip6 filter INPUT meta l4proto mobility-header mh type 1 counter accept +nft add rule ip6 filter INPUT meta l4proto 135 mh type 1 counter accept ip6tables-translate -A INPUT -p mh --mh-type 1:3 -j ACCEPT -nft add rule ip6 filter INPUT meta l4proto mobility-header mh type 1-3 counter accept +nft add rule ip6 filter INPUT meta l4proto 135 mh type 1-3 counter accept -- 2.18.0
