Re: nftables portmap map


 



On Mon, 23 Dec 2024 at 17:15, Florian Westphal <fw@xxxxxxxxx> wrote:
>
> Antonio Ojea <antonio.ojea.garcia@xxxxxxxxx> wrote:
> > l4proto . th dport map @hostport-map-v6
> > Error: transport protocol mapping is only valid after transport protocol match
> > add rule inet cni-kindnet prerouting dnat ip6 to ip6 daddr . meta
> > l4proto . th dport map @hostport-map-v6
> >                                      ~~~~
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> Looks like a bug, fixed in nft 1.1.1

Perfect. In the meantime, and for reference, I solved it using a map per protocol:

        map hostport-map-v6-tcp {
                type ipv6_addr . inet_service : ipv6_addr . inet_service
                flags interval
        }

        chain prerouting {
                type nat hook prerouting priority dstnat; policy accept;
                dnat ip6 to ip6 daddr . tcp dport map @hostport-map-v6-tcp
        }

Thanks for the help
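
The per-protocol workaround described in the message above, written out as a complete ruleset (an added example, not part of the original message or of the project's own configuration). The table name is taken from the quoted error; the UDP map name `hostport-map-v6-udp` and all addresses and ports are constructed for illustration, using the 2001:db8::/32 documentation prefix.

```nftables
# Load with: nft -f hostport.nft   (file name is hypothetical)
table inet cni-kindnet {
        # One map per transport protocol, so that no "meta l4proto" field is
        # needed in the lookup key (the construct that nft versions before
        # 1.1.1 rejected, per the quoted reply).
        map hostport-map-v6-tcp {
                type ipv6_addr . inet_service : ipv6_addr . inet_service
                flags interval
                # constructed sample: host address . host port : pod address . pod port
                elements = { 2001:db8::1 . 8080 : 2001:db8:1::10 . 80 }
        }

        # Hypothetical UDP counterpart with the same key and data types.
        map hostport-map-v6-udp {
                type ipv6_addr . inet_service : ipv6_addr . inet_service
                flags interval
                elements = { 2001:db8::1 . 5353 : 2001:db8:1::11 . 53 }
        }

        chain prerouting {
                type nat hook prerouting priority dstnat; policy accept;
                # "tcp dport" / "udp dport" supply the transport protocol match
                # that the original single-map rule was reported as missing.
                dnat ip6 to ip6 daddr . tcp dport map @hostport-map-v6-tcp
                dnat ip6 to ip6 daddr . udp dport map @hostport-map-v6-udp
        }
}
```

Because the maps drive DNAT, every element is an externally reachable forwarding path; `nft list map inet cni-kindnet hostport-map-v6-tcp` shows exactly which host address and port pairs are currently exposed.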



