Re: Meaning of "." (dot) in netfilter

Hi Ross,

On Fri, Dec 03, 2021 at 10:33:55PM -0800, Ross Boylan wrote:
> https://wiki.nftables.org/wiki-nftables/index.php/Simple_ruleset_for_a_home_router
> includes a number of rules like
>
>         ip protocol . th dport vmap { tcp . 22 : accept, udp . 53 :
> accept, tcp . 53 : accept, udp . 67 : accept}
> with possibly 2 different uses of ".", namely 'ip protocol .'  and 'udp . 67'.
> What do those "."'s mean?
>
> I've looked in available documentation, but can't tell.
>
> Thanks.
> Ross Boylan

"." is the symbol for concatenation. It's been missing from the man page
forever.

I was going to submit a patch to add "." but wasn't really sure when you could
use it so I never did.

The rule defines a Verdict Map (vmap) whose elements are a concatenation of ip
protocol and Transport Header (th) Destination Port (dport). Accept tcp.ssh,
udp.domain, tcp.domain and udp.bootps (udp & tcp are IP protocols).

Post back if I didn't explain well enough.

cc: netfilter-devel in the hope someone could update the man page.

Cheers ... Duncan.
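For anyone landing on this thread from the wiki page, here is the rule from the question placed in a complete ruleset, as an added example that is not part of the original message and not the wiki's own text. Two things it shows that the bare rule does not: the concatenated key can also be given a named map with an explicit concatenated type (`inet_proto . inet_service`), and `th dport` on its own only reads the port field at the transport-header offset without checking which transport protocol is present, so pairing it with the protocol in the concatenation is what makes the match meaningful. `meta l4proto` is used instead of `ip protocol` so the same rule covers IPv4 and IPv6 in the `inet` family (`ip protocol` only matches IPv4 headers). The interface name `lan0` is an assumption.

```nft
#!/usr/sbin/nft -f
# Added example: concatenation ("." ) in verdict maps.
# Assumed interface name: lan0. Not the wiki's ruleset.
flush ruleset

table inet filter {
    # Named verdict map with a concatenated key type.
    # "inet_proto . inet_service" is the type of "tcp . 22".
    map lan_services {
        type inet_proto . inet_service : verdict
        elements = {
            tcp . 22 : accept,   # ssh
            udp . 53 : accept,   # domain
            tcp . 53 : accept,   # domain
            udp . 67 : accept    # bootps (DHCP server)
        }
    }

    chain input {
        type filter hook input priority filter; policy drop;

        ct state vmap { established : accept, related : accept, invalid : drop }
        iif "lo" accept

        # Anonymous form, as on the wiki page, but with meta l4proto so it
        # also covers IPv6. The key is the concatenation
        # "<transport protocol> . <transport destination port>".
        iifname "lan0" meta l4proto . th dport vmap {
            tcp . 22 : accept,
            udp . 53 : accept,
            tcp . 53 : accept,
            udp . 67 : accept
        }

        # Equivalent lookup against the named map above. Because the
        # protocol is part of the key, "th dport 22" cannot match a
        # non-TCP packet that merely has 22 at the port offset.
        iifname "lan0" meta l4proto . th dport vmap @lan_services
    }
}
```

Syntax-check a file like this without loading it with `nft -c -f /etc/nftables.conf`; after loading, `nft list ruleset` prints the elements back with service names (`tcp . ssh`, `udp . domain`, `udp . bootps`), which is why the reply above reads the map that way.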
