git.ipfire.org Git - thirdparty/nftables.git/commit

author	Arturo Borrero <arturo.borrero.glez@gmail.com>
	Fri, 7 Nov 2014 11:39:35 +0000 (12:39 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Sun, 9 Nov 2014 15:52:34 +0000 (16:52 +0100)
commit	b5dff507ccd1c666210de51af83fa730d6baf50a
tree	1ed1b94f35eb6d396a70042331a002aa79a1f7b0	tree \| snapshot
parent	950ae81b3aa6f8e604351042a05ad26ddad90a56	commit \| diff

parser: allow both nat_flags and port specification in redirect

This patch changes the parser to permit both nat_flags and port specification
in the redirect expression.

The resulting syntax is:
% nft add rule nat prerouting redirect [port] [nat_flags]

The port specification requires a bit of context regardin the transport
protocol. Some examples:
% nft add rule nat prerouting tcp dport 22 redirect :23
% nft add rule add prerouting udp dport 53 redirect :5353

The nat_flags argument is the last argument:
% nft add rule nat prerouting tdp dport 80 redirect :8080 random

The port specification can be a range:
% nft add rule nat prerouting tcp dport 80 redirect :8080-8090 random

While at it, the regression tests files are updated.

Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

src/parser.y		diff \| blob \| blame \| history
tests/regression/ip/redirect.t		diff \| blob \| blame \| history
tests/regression/ip6/redirect.t		diff \| blob \| blame \| history