Re: Why can't we use DNAT in the INPUT Chain?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Duncan Roe <duncan_roe@optusnet.com.au>
To: netfilter@vger.kernel.org
Subject: Re: Why can't we use DNAT in the INPUT Chain?
Date: Sun, 20 Aug 2017 12:15:15 +1000	[thread overview]
Message-ID: <20170820021515.GA3396@dimstar.local.net> (raw)
In-Reply-To: <8980c2d3-8a82-651f-2553-8e15fbebfec8@plouf.fr.eu.org>

On Sat, Aug 19, 2017 at 07:07:41PM +0200, Pascal Hambourg wrote:
> Le 19/08/2017 à 16:16, khawar shehzad a écrit :
[SNIP]
> > My solution is like the following, which is not working.
> >
> > table ip6 natcap {
> >          map natcap_vmap {
> >                  type ipv6_addr . ipv6_addr : verdict
> >                  elements = { 2001::20 . 2001::1:0:0:2 : accept}
> >          }
> >          chain prerouting_filter {
> >                  type filter hook prerouting priority -101; policy drop;
> >                  ip6 saddr . ip6 daddr vmap @natcap_vmap
> >          }
> (...)
>
> What is this syntax ? This is not iptables.
It's nftables, the reason I joined this list (to get my head around nftables ;)

Cheers ... Duncan.

next prev parent reply	other threads:[~2017-08-20  2:15 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-08-19 12:36 Why can't we use DNAT in the INPUT Chain? khawar shehzad
2017-08-19 13:28 ` /dev/rob0
2017-08-19 14:16   ` khawar shehzad
2017-08-19 17:07     ` Pascal Hambourg
2017-08-20  2:15       ` Duncan Roe [this message]
2017-08-20  7:31         ` khawar shehzad
2017-08-20  7:49           ` Pascal Hambourg
2017-08-19 16:44   ` Pascal Hambourg

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170820021515.GA3396@dimstar.local.net \
    --to=duncan_roe@optusnet.com.au \
    --cc=netfilter@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.