extensions/libip6t_ah.txlate

   1 ip6tables-translate -A INPUT -m ah --ahspi 500 -j DROP
   2 nft 'add rule ip6 filter INPUT ah spi 500 counter drop'
   3
   4 ip6tables-translate -A INPUT -m ah --ahspi 500:550 -j DROP
   5 nft 'add rule ip6 filter INPUT ah spi 500-550 counter drop'
   6
   7 ip6tables-translate -A INPUT -m ah ! --ahlen 120
   8 nft 'add rule ip6 filter INPUT ah hdrlength != 120 counter'
   9
  10 ip6tables-translate -A INPUT -m ah --ahres
  11 nft 'add rule ip6 filter INPUT ah reserved 1 counter'
  12
  13 ip6tables-translate -A INPUT -m ah --ahspi 500 ! --ahlen 120 -j DROP
  14 nft 'add rule ip6 filter INPUT ah spi 500 ah hdrlength != 120 counter drop'
  15
  16 ip6tables-translate -A INPUT -m ah --ahspi 500 --ahlen 120 --ahres -j ACCEPT
  17 nft 'add rule ip6 filter INPUT ah spi 500 ah hdrlength 120 ah reserved 1 counter accept'
  18
  19 ip6tables-translate -A INPUT -m ah --ahspi 0:4294967295
  20 nft 'add rule ip6 filter INPUT exthdr ah exists counter'
  21
  22 ip6tables-translate -A INPUT -m ah ! --ahspi 0:4294967295
  23 nft 'add rule ip6 filter INPUT ah spi != 0-4294967295 counter'