]> git.ipfire.org Git - thirdparty/nftables.git/commit
projects / thirdparty / nftables.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2885cf2) | patch
src: NAT support for intervals in maps
authorPablo Neira Ayuso <pablo@netfilter.org>
Fri, 24 Apr 2020 19:56:46 +0000 (21:56 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 28 Apr 2020 15:32:31 +0000 (17:32 +0200)
commit9599d9d25a6b383b72b119c709af33f6f6031786
tree2ac2f19b9f5f55578ab6cebe25ebb35dea659492tree
parent2885cf2e65042b3dbc44fc232fd35840df255935commit | diff
src: NAT support for intervals in maps

This patch allows you to specify an interval of IP address in maps.

 table ip x {
        chain y {
                type nat hook postrouting priority srcnat; policy accept;
                snat ip interval to ip saddr map { 10.141.11.4 : 192.168.2.2-192.168.2.4 }
        }
 }

The example above performs SNAT to packets that comes from 10.141.11.4
to an interval of IP addresses from 192.168.2.2 to 192.168.2.4 (both
included).

You can also combine this with dynamic maps:

 table ip x {
        map y {
                type ipv4_addr : interval ipv4_addr
                flags interval
                elements = { 10.141.10.0/24 : 192.168.2.2-192.168.2.4 }
        }

        chain y {
                type nat hook postrouting priority srcnat; policy accept;
                snat ip interval to ip saddr map @y
        }
 }

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/expression.h diff | blob | blame | history
include/statement.h diff | blob | blame | history
src/evaluate.c diff | blob | blame | history
src/mnl.c diff | blob | blame | history
src/netlink.c diff | blob | blame | history
src/netlink_delinearize.c diff | blob | blame | history
src/netlink_linearize.c diff | blob | blame | history
src/parser_bison.y diff | blob | blame | history
src/rule.c diff | blob | blame | history
src/statement.c diff | blob | blame | history
Mirror of git://git.netfilter.org/nftables