]> git.ipfire.org Git - thirdparty/nftables.git/commit
projects / thirdparty / nftables.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: facb3d6) | patch
src: allow to specify the base chain type
authorPablo Neira Ayuso <pablo@netfilter.org>
Thu, 22 Aug 2013 15:26:31 +0000 (17:26 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Mon, 26 Aug 2013 22:38:01 +0000 (00:38 +0200)
commit2e27f2468ea69bd4ef15b7582e5d0ebe85c80da8
tree22ca140eb616714782908c7843559a6981afb9b9tree
parentfacb3d65ae911418ee10ca2fd1c1ed9a9749cf3bcommit | diff
src: allow to specify the base chain type

This patch allows you to specify the type of the base chain, eg.

add table mangle
add chain mangle OUTPUT { type route hook NF_INET_LOCAL_OUT 0; }

The chain type determines the semantics of the chain, we currently
have three types:

* filter, used for plain packet filtering.
* nat, it only sees the first packet of the flow.
* route, which is the equivalent of the iptables mangle table, that
  triggers a re-route if there is any change in some of the packet header
  fields, eg. IP TOS/DSCP, or the packet metainformation, eg. mark.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/rule.h diff | blob | blame | history
src/netlink.c diff | blob | blame | history
src/parser.y diff | blob | blame | history
src/rule.c diff | blob | blame | history
Mirror of git://git.netfilter.org/nftables