So, the question is: Can we FILTER packets (in my case accepting packets
which have specific source IPv6 addresses) before doing NAT in the
same box/machine/server (using iptables or nftables)?
On 8/20/2017 3:15 AM, Duncan Roe wrote:
On Sat, Aug 19, 2017 at 07:07:41PM +0200, Pascal Hambourg wrote:
On 19/08/2017 at 16:16, khawar shehzad wrote:
[SNIP]
My solution is like the following, which is not working.
table ip6 natcap {
    map natcap_vmap {
        type ipv6_addr . ipv6_addr : verdict
        elements = { 2001::20 . 2001::1:0:0:2 : accept}
    }
    chain prerouting_filter {
        type filter hook prerouting priority -101; policy drop;
        ip6 saddr . ip6 daddr vmap @natcap_vmap
    }
(...)
What is this syntax? This is not iptables.
It's nftables, the reason I joined this list (to get my head around nftables ;)
Cheers ... Duncan.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html