blob: bad9adc0285242e3618d45416852c533f30189e4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
|
# reject with icmp host-unreachable
bridge test-bridge input
[ meta load protocol => reg 1 ]
[ cmp eq reg 1 0x00000008 ]
[ reject type 0 code 1 ]
# reject with icmp net-unreachable
bridge test-bridge input
[ meta load protocol => reg 1 ]
[ cmp eq reg 1 0x00000008 ]
[ reject type 0 code 0 ]
# reject with icmp prot-unreachable
bridge test-bridge input
[ meta load protocol => reg 1 ]
[ cmp eq reg 1 0x00000008 ]
[ reject type 0 code 2 ]
# reject with icmp port-unreachable
bridge test-bridge input
[ meta load protocol => reg 1 ]
[ cmp eq reg 1 0x00000008 ]
[ reject type 0 code 3 ]
# reject with icmp net-prohibited
bridge test-bridge input
[ meta load protocol => reg 1 ]
[ cmp eq reg 1 0x00000008 ]
[ reject type 0 code 9 ]
# reject with icmp host-prohibited
bridge test-bridge input
[ meta load protocol => reg 1 ]
[ cmp eq reg 1 0x00000008 ]
[ reject type 0 code 10 ]
# reject with icmp admin-prohibited
bridge test-bridge input
[ meta load protocol => reg 1 ]
[ cmp eq reg 1 0x00000008 ]
[ reject type 0 code 13 ]
# reject with icmpv6 no-route
bridge test-bridge input
[ meta load protocol => reg 1 ]
[ cmp eq reg 1 0x0000dd86 ]
[ reject type 0 code 0 ]
# reject with icmpv6 admin-prohibited
bridge test-bridge input
[ meta load protocol => reg 1 ]
[ cmp eq reg 1 0x0000dd86 ]
[ reject type 0 code 1 ]
# reject with icmpv6 addr-unreachable
bridge test-bridge input
[ meta load protocol => reg 1 ]
[ cmp eq reg 1 0x0000dd86 ]
[ reject type 0 code 3 ]
# reject with icmpv6 port-unreachable
bridge test-bridge input
[ meta load protocol => reg 1 ]
[ cmp eq reg 1 0x0000dd86 ]
[ reject type 0 code 4 ]
# mark 12345 ip protocol tcp reject with tcp reset
bridge test-bridge input
[ meta load mark => reg 1 ]
[ cmp eq reg 1 0x00003039 ]
[ meta load protocol => reg 1 ]
[ cmp eq reg 1 0x00000008 ]
[ payload load 1b @ network header + 9 => reg 1 ]
[ cmp eq reg 1 0x00000006 ]
[ reject type 1 code 0 ]
# reject
bridge test-bridge input
[ reject type 2 code 1 ]
# ether type ip reject
bridge test-bridge input
[ payload load 2b @ link header + 12 => reg 1 ]
[ cmp eq reg 1 0x00000008 ]
[ reject type 0 code 3 ]
# ether type ip6 reject
bridge test-bridge input
[ payload load 2b @ link header + 12 => reg 1 ]
[ cmp eq reg 1 0x0000dd86 ]
[ reject type 0 code 4 ]
# reject with icmpx host-unreachable
bridge test-bridge input
[ reject type 2 code 2 ]
# reject with icmpx no-route
bridge test-bridge input
[ reject type 2 code 0 ]
# reject with icmpx admin-prohibited
bridge test-bridge input
[ reject type 2 code 3 ]
# reject with icmpx port-unreachable
bridge test-bridge input
[ reject type 2 code 1 ]
# ether type ip reject with icmpx admin-prohibited
bridge test-bridge input
[ payload load 2b @ link header + 12 => reg 1 ]
[ cmp eq reg 1 0x00000008 ]
[ reject type 2 code 3 ]
# ether type ip6 reject with icmpx admin-prohibited
bridge test-bridge input
[ payload load 2b @ link header + 12 => reg 1 ]
[ cmp eq reg 1 0x0000dd86 ]
[ reject type 2 code 3 ]
# ether type vlan reject
bridge
[ payload load 2b @ link header + 12 => reg 1 ]
[ cmp eq reg 1 0x00000081 ]
[ reject type 2 code 1 ]
# ether type vlan reject with tcp reset
bridge
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000006 ]
[ payload load 2b @ link header + 12 => reg 1 ]
[ cmp eq reg 1 0x00000081 ]
[ reject type 1 code 0 ]
# ether type 8021q reject with icmpx admin-prohibited
bridge
[ payload load 2b @ link header + 12 => reg 1 ]
[ cmp eq reg 1 0x00000081 ]
[ reject type 2 code 3 ]
|