Re: nftables portmap map


 



>> nft add rule inet cni-kindnet prerouting dnat to ip daddr . ip protocol . th dport map @hostport-map-v4

>
> Strange, this version does work for me.
>
> table inet cni-kindnet {
>         map hostport-map-v4 {
>                 type ipv4_addr . inet_proto . inet_service : ipv4_addr . inet_service
>                 flags interval
>         }
>
>         chain prerouting {
>                 type nat hook prerouting priority dstnat; policy accept;
>                 dnat ip to ip daddr . ip protocol . th dport map @hostport-map-v4
>         }
> }

Yeah, it works for me too; it seems the difference is the "ip"
statement after the "dnat" ... "dnat ip to ip daddr ..."

Without that "ip" I can see with strace that it gets "-1 EAGAIN
(Resource temporarily unavailable)".

Thanks for the help



