Re: [PATCHv4] extensions: libip6t_frag: Add translation to nft

Pablo Neira Ayuso Tue, 14 Jun 2016 09:34:44 -0700

On Wed, Jun 08, 2016 at 07:47:28PM +0200, Laura Garcia Liebana wrote:
> $ sudo iptables-translate -t filter -A INPUT -m frag --fragid 100:200 
> --fraglast -j ACCEPT
                                                                        
^^^^^^^^^^
> nft add rule ip6 filter INPUT frag id 100-200 frag more-fragments 1 counter 
> accept
                                                     ^^^^^^^^^^^^^^^^
> $ sudo iptables-translate -t filter -A INPUT -m frag --fragid 100:200 
> --fragfirst -j ACCEPT
> nft add rule ip6 filter INPUT frag id 100-200 frag frag-off 0 counter accept
>
> $ sudo iptables-translate -t filter -A INPUT -m frag --fraglast -j ACCEPT
                                                       ^^^^^^^^^^
> nft add rule ip6 filter INPUT frag more-fragments 0 counter accept
                                     ^^^^^^^^^^^^^^^^


I'm going to mangle these inconsistencies in the patch description
given the code is fine (you probably just forgot to update the
patch description).

So applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCHv4] extensions: libip6t_frag: Add translation to nft

Reply via email to