]> git.ipfire.org Git - thirdparty/nftables.git/commit
projects / thirdparty / nftables.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: eeda228) | patch
src: support for arp sender and target ethernet and IPv4 addresses
authorPablo Neira Ayuso <pablo@netfilter.org>
Wed, 22 May 2019 20:06:16 +0000 (22:06 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Fri, 24 May 2019 19:14:30 +0000 (21:14 +0200)
commit4b0f2a712b5792d2842d89fe68d4230e0eb05c7e
tree954a866715d95529e65f39c3ff90920973186ac1tree
parenteeda228c2d1719f5b6276b40ad14a5b3c3e88536commit | diff
src: support for arp sender and target ethernet and IPv4 addresses

 # nft add table arp x
 # nft add chain arp x y { type filter hook input priority 0\; }
 # nft add rule arp x y arp saddr ip 192.168.2.1 counter

Testing this:

 # ip neigh flush dev eth0
 # ping 8.8.8.8
 # nft list ruleset
 table arp x {
        chain y {
                type filter hook input priority filter; policy accept;
                arp saddr ip 192.168.2.1 counter packets 1 bytes 46
        }
 }

You can also specify hardware sender address, eg.

 # nft add rule arp x y arp saddr ether aa:bb:cc:aa:bb:cc drop counter

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
doc/payload-expression.txt diff | blob | blame | history
include/headers.h diff | blob | blame | history
include/proto.h diff | blob | blame | history
src/parser_bison.y diff | blob | blame | history
src/proto.c diff | blob | blame | history
tests/py/arp/arp.t diff | blob | blame | history
tests/py/arp/arp.t.payload diff | blob | blame | history
tests/py/arp/arp.t.payload.netdev diff | blob | blame | history
Mirror of git://git.netfilter.org/nftables