git.ipfire.org Git - thirdparty/iptables.git/commit

author	Shivani Bhardwaj <shivanib134@gmail.com>
	Wed, 2 Mar 2016 19:15:55 +0000 (00:45 +0530)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Thu, 3 Mar 2016 12:22:30 +0000 (13:22 +0100)
commit	3d7d1afe43f6fb1e466671c8d2ce7517079b466a
tree	46e1081f82ee57aae072fd715d57ff9b16acc92b	tree
parent	6d4b93485055a83639806f4b1d085899f47a198a	commit \| diff

extensions: libxt_owner: Add translation to nft

Add translation for module owner to nftables.
Full translation of this match awaits the support for --socket-exists
option.

Examples:

$ sudo iptables-translate -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner root -j ACCEPT
nft add rule ip nat OUTPUT tcp dport 80 skuid 0 counter accept

$ sudo iptables-translate -t nat -A OUTPUT -p tcp --dport 80 -m owner --gid-owner 0-10 -j ACCEPT
nft add rule ip nat OUTPUT tcp dport 80 skgid 0-10 counter accept

$ sudo iptables-translate -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner shivani -j ACCEPT
nft add rule ip nat OUTPUT tcp dport 80 skuid != 1000 counter accept

Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>