1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
:input;type filter hook input priority 0
:ingress;type filter hook ingress device lo priority 0
:egress;type filter hook egress device lo priority 0
*inet;test-inet;input
*netdev;test-netdev;ingress,egress
meta l4proto { tcp, udp, sctp} @th,16,16 { 22, 23, 80 };ok;meta l4proto { 6, 17, 132} th dport { 22, 23, 80}
meta l4proto tcp @th,16,16 { 22, 23, 80};ok;tcp dport { 22, 23, 80}
@nh,8,8 0xff;ok
@nh,8,16 0x0;ok
# out of range (0-1)
@th,16,1 2;fail
@ll,0,0 2;fail
@ll,0,1;fail
@ll,0,1 1;ok;@ll,0,8 & 0x80 == 0x80
@ll,0,8 & 0x80 == 0x80;ok
@ll,0,128 0xfedcba987654321001234567890abcde;ok
meta l4proto 91 @th,400,16 0x0 accept;ok
@ih,32,32 0x14000000;ok
|