git.ipfire.org Git - thirdparty/iptables.git/commit

author	Shivani Bhardwaj <shivanib134@gmail.com>
	Tue, 29 Dec 2015 18:24:25 +0000 (23:54 +0530)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 16 Feb 2016 18:30:24 +0000 (19:30 +0100)
commit	95a7a9df945790f92237e4d2e91f3d372d6a2ad5
tree	35d4ce594520c576f1ec000f7523c253fa69afeb	tree
parent	d4721236c2e8808958ada3d7b2548f4c473908a0	commit \| diff

extensions: libxt_length: Add translation to nft

Add translation for module length to nftables.

Examples:

$ sudo iptables-translate -A INPUT -p icmp -m length --length 86:0xffff -j DROP
nft add rule ip filter INPUT ip protocol icmp meta length 86-65535 counter drop

$ sudo iptables-translate -A INPUT -p udp -m length --length :400
nft add rule ip filter INPUT ip protocol udp meta length 0-400 counter

$ sudo iptables-translate -A INPUT -p udp -m length --length 40
nft add rule ip filter INPUT ip protocol udp meta length 40 counter

$ sudo iptables-translate -A INPUT -p udp -m length ! --length 40
nft add rule ip filter INPUT ip protocol udp meta length != 40 counter

Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>