git.ipfire.org Git - thirdparty/iptables.git/commit

author	Shivani Bhardwaj <shivanib134@gmail.com>
	Wed, 23 Dec 2015 14:33:33 +0000 (20:03 +0530)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 16 Feb 2016 18:30:23 +0000 (19:30 +0100)
commit	bdbf63b95176e6d7e7f968c9cb25d58d84fc729e
tree	bd0e52dfc921c53704652bec9dc3c151a4c6f825	tree \| snapshot
parent	b9a46ee40616582b4fca4aa395d52d048c7dbba8	commit \| diff

extensions: libxt_connmark: Add translation to nft

Add translation for connmark to nftables.

Examples:

$ sudo iptables-translate -A INPUT -m connmark --mark 2 -j ACCEPT
nft add rule ip filter INPUT ct mark 0x2 counter accept

$ sudo iptables-translate -A INPUT -m connmark ! --mark 2 -j ACCEPT
nft add rule ip filter INPUT ct mark != 0x2 counter accept

$ sudo iptables-translate -A INPUT -m connmark --mark 10/10 -j ACCEPT
nft add rule ip filter INPUT ct mark and 0xa == 0xa counter accept

$ sudo iptables-translate -A INPUT -m connmark ! --mark 10/10 -j ACCEPT
nft add rule ip filter INPUT ct mark and 0xa != 0xa counter accept

$ sudo iptables-translate -t mangle -A PREROUTING -p tcp --dport 40 -m
connmark --mark 0x40
nft add rule ip mangle PREROUTING tcp dport 40 ct mark 0x40 counter

Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>