File: libxt_socket.txlate

iptables 1.8.11-4
# old socket match, no options.  Matches if sk can be found and it is not bound to 0.0.0.0/::
iptables-translate -A INPUT -m socket
nft 'add rule ip filter INPUT socket wildcard 0 counter'

iptables-translate -A INPUT -m socket --transparent
nft 'add rule ip filter INPUT socket wildcard 0 socket transparent 1 counter'

# Matches if sk can be found.  Doesn't matter as to what address it is bound to.
# therefore, emulate "exists".
iptables-translate -A INPUT -m socket --nowildcard
nft 'add rule ip filter INPUT socket wildcard le 1 counter'

iptables-translate -A INPUT -m socket --restore-skmark
nft 'add rule ip filter INPUT socket wildcard 0 meta mark set socket mark counter'

iptables-translate -A INPUT -m socket --transparent --nowildcard --restore-skmark
nft 'add rule ip filter INPUT socket transparent 1 meta mark set socket mark counter'