git.ipfire.org Git - thirdparty/iptables.git/commit

author	Roberto García <rodanber@gmail.com>
	Wed, 29 Jun 2016 18:48:09 +0000 (20:48 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Fri, 1 Jul 2016 14:29:11 +0000 (16:29 +0200)
commit	ca42442093d3dd97808aeacf6f3abbfbf0beeca6
tree	b47c155cc2f6fc84e8dcae7b09473c9f8f4bcf61	tree \| snapshot
parent	6490f0bb953a9a1290fe24453073a452a552e1f5	commit \| diff

iptables: extensions: libxt_ecn: Add translation to nft

Add translation of the ecn match to nftables.

Examples:
  # iptables-translate -A INPUT -m ecn --ecn-ip-ect 0
  nft add rule ip filter INPUT ip ecn not-ect counter

  # iptables-translate -A INPUT -m ecn --ecn-ip-ect 1
  nft add rule ip filter INPUT ip ecn ect1 counter

  # iptables-translate -A INPUT -m ecn --ecn-ip-ect 2
  nft add rule ip filter INPUT ip ecn ect0 counter

  # iptables-translate -A INPUT -m ecn --ecn-ip-ect 3
  nft add rule ip filter INPUT ip ecn ce counter

  # iptables-translate -A INPUT -m ecn ! --ecn-ip-ect 0
  nft add rule ip filter INPUT ip ecn != not-ect counter

  # iptables-translate -A INPUT -m ecn ! --ecn-ip-ect 1
  nft add rule ip filter INPUT ip ecn != ect1 counter

  # iptables-translate -A INPUT -m ecn ! --ecn-ip-ect 2
  nft add rule ip filter INPUT ip ecn != ect0 counter

  # iptables-translate -A INPUT -m ecn ! --ecn-ip-ect 3
  nft add rule ip filter INPUT ip ecn != ce counter

Signed-off-by: Roberto García <rodanber@gmail.com>
Reviewed-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>