table ip ipfoo {
+ map t1 {
+ typeof numgen inc mod 2 : ip daddr
+ }
+
+ map t2 {
+ typeof numgen inc mod 2 : ip daddr . tcp dport
+ }
+
map x {
type ipv4_addr : ipv4_addr
}
ip saddr 10.1.1.2 tcp dport 42 dnat to 10.2.3.4:4242
meta l4proto tcp dnat ip addr . port to ip saddr map @y
dnat ip addr . port to ip saddr . tcp dport map @z
+ dnat to numgen inc mod 2 map @t1
+ meta l4proto tcp dnat ip addr . port to numgen inc mod 2 map @t2
}
}
table ip6 ip6foo {
+ map t1 {
+ typeof numgen inc mod 2 : ip6 daddr
+ }
+
+ map t2 {
+ typeof numgen inc mod 2 : ip6 daddr . tcp dport
+ }
+
map x {
type ipv6_addr : ipv6_addr
}
ip6 saddr dead::2 tcp dport 42 dnat to [c0::1a]:4242
meta l4proto tcp dnat ip6 addr . port to ip6 saddr map @y
dnat ip6 addr . port to ip6 saddr . tcp dport map @z
+ dnat to numgen inc mod 2 map @t1
+ meta l4proto tcp dnat ip6 addr . port to numgen inc mod 2 map @t2
}
}
table inet inetfoo {
+ map t1v4 {
+ typeof numgen inc mod 2 : ip daddr
+ }
+
+ map t2v4 {
+ typeof numgen inc mod 2 : ip daddr . tcp dport
+ }
+
+ map t1v6 {
+ typeof numgen inc mod 2 : ip6 daddr
+ }
+
+ map t2v6 {
+ typeof numgen inc mod 2 : ip6 daddr . tcp dport
+ }
+
map x4 {
type ipv4_addr : ipv4_addr
}
ip saddr 10.1.1.2 tcp dport 42 dnat ip to 10.2.3.4:4242
meta l4proto tcp meta nfproto ipv4 dnat ip addr . port to ip saddr map @y4
meta nfproto ipv4 dnat ip addr . port to ip saddr . tcp dport map @z4
+ dnat ip to numgen inc mod 2 map @t1v4
+ meta l4proto tcp dnat ip addr . port to numgen inc mod 2 map @t2v4
dnat ip6 to ip6 daddr map @x6
ip6 saddr dead::1 dnat ip6 to feed::1
ip6 saddr dead::2 tcp dport 42 dnat ip6 to [c0::1a]:4242
meta l4proto tcp meta nfproto ipv6 dnat ip6 addr . port to ip6 saddr map @y6
meta nfproto ipv6 dnat ip6 addr . port to ip6 saddr . tcp dport map @z6
+ dnat ip6 to numgen inc mod 2 map @t1v6
+ meta l4proto tcp dnat ip6 addr . port to numgen inc mod 2 map @t2v6
}
}
# skeleton
$NFT -f /dev/stdin <<EOF || exit 1
table ip ipfoo {
+ map t1 {
+ typeof numgen inc mod 2 : ip daddr;
+ }
+
+ map t2 {
+ typeof numgen inc mod 2 : ip daddr . tcp dport
+ }
+
map x {
type ipv4_addr : ipv4_addr
}
ip saddr 10.1.1.2 tcp dport 42 dnat to 10.2.3.4:4242
meta l4proto tcp dnat ip addr . port to ip saddr map @y
meta l4proto tcp dnat ip addr . port to ip saddr . tcp dport map @z
+ dnat ip to numgen inc mod 2 map @t1
+ meta l4proto tcp dnat ip addr . port to numgen inc mod 2 map @t2
}
}
EOF
# skeleton 6
$NFT -f /dev/stdin <<EOF || exit 1
table ip6 ip6foo {
+ map t1 {
+ typeof numgen inc mod 2 : ip6 daddr;
+ }
+
+ map t2 {
+ typeof numgen inc mod 2 : ip6 daddr . tcp dport
+ }
+
map x {
type ipv6_addr : ipv6_addr
}
ip6 saddr dead::2 tcp dport 42 dnat to [c0::1a]:4242
meta l4proto tcp dnat ip6 addr . port to ip6 saddr map @y
meta l4proto tcp dnat ip6 addr . port to ip6 saddr . tcp dport map @z
+ dnat ip6 to numgen inc mod 2 map @t1
+ meta l4proto tcp dnat ip6 addr . port to numgen inc mod 2 map @t2
}
}
EOF
# skeleton inet
$NFT -f /dev/stdin <<EOF || exit 1
table inet inetfoo {
+ map t1v4 {
+ typeof numgen inc mod 2 : ip daddr
+ }
+
+ map t2v4 {
+ typeof numgen inc mod 2 : ip daddr . tcp dport;
+ }
+
+ map t1v6 {
+ typeof numgen inc mod 2 : ip6 daddr;
+ }
+
+ map t2v6 {
+ typeof numgen inc mod 2 : ip6 daddr . tcp dport
+ }
+
map x4 {
type ipv4_addr : ipv4_addr
}
ip saddr 10.1.1.2 tcp dport 42 dnat to 10.2.3.4:4242
meta l4proto tcp dnat ip addr . port to ip saddr map @y4
meta l4proto tcp dnat ip addr . port to ip saddr . tcp dport map @z4
+ dnat ip to numgen inc mod 2 map @t1v4
+ meta l4proto tcp dnat ip addr . port to numgen inc mod 2 map @t2v4
dnat ip6 to ip6 daddr map @x6
ip6 saddr dead::1 dnat to feed::1
ip6 saddr dead::2 tcp dport 42 dnat to [c0::1a]:4242
meta l4proto tcp dnat ip6 addr . port to ip6 saddr map @y6
meta l4proto tcp dnat ip6 addr . port to ip6 saddr . tcp dport map @z6
+ dnat ip6 to numgen inc mod 2 map @t1v6
+ meta l4proto tcp dnat ip6 addr . port to numgen inc mod 2 map @t2v6
}
}
EOF
projects / thirdparty / nftables.git / commitdiff
