Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | netfilter: nft_masq: support port range | Pablo Neira Ayuso | 2016-03-02 | 1 | -1/+3 |
| | | | | | | Complete masquerading support by allowing port range selection. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
* | netfilter: nf_tables: restrict nat/masq expressions to nat chain type | Pablo Neira Ayuso | 2014-10-13 | 1 | -0/+3 |
| | | | | | | | | | | | | | | | | | | This adds the missing validation code to avoid the use of nat/masq from non-nat chains. The validation assumes two possible configuration scenarios: 1) Use of nat from base chain that is not of nat type. Reject this configuration from the nft_*_init() path of the expression. 2) Use of nat from non-base chain. In this case, we have to wait until the non-base chain is referenced by at least one base chain via jump/goto. This is resolved from the nft_*_validate() path which is called from nf_tables_check_loops(). The user gets an -EOPNOTSUPP in both cases. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
* | netfilter: nf_tables: add new nft_masq expression | Arturo Borrero | 2014-09-09 | 1 | -0/+16 |
The nft_masq expression is intended to perform NAT in the masquerade flavour. We decided to have the masquerade functionality in a separated expression other than nft_nat. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |