[Bug 1370] New: iptables-restore-translate

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Wed Oct 9 13:27:51 CEST 2019 

https://bugzilla.netfilter.org/show_bug.cgi?id=1370

            Bug ID: 1370
           Summary: iptables-restore-translate
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: tad1073 at gmail.com

Created attachment 571
  --> https://bugzilla.netfilter.org/attachment.cgi?id=571&action=edit
Untranslatable Rules

There are some rules could not be translated and I don't know enough about
nftables to translate them by hand, could I get some help with those rules?

# -t mangle -A PREROUTING -p tcp -m tcp --sport 53 -j TOS --set-tos 0x04/0xff 

# -t mangle -A PREROUTING -p tcp -m tcp --sport 512:65535 -j TOS --set-tos
0x10/0xff

# -t mangle -A POSTROUTING -d 199.201.233.88/32 -p tcp -j ECN --ecn-tcp-remove

# -t mangle -A POSTROUTING -p tcp -m tcp --dport 5353 -j TOS --set-tos
0x00/0xff 

# -t mangle -A POSTROUTING -p tcp -m tcp --dport 512:65535 -j TOS --set-tos
0x10/0xff

# -t filter -A INPUT -m recent --update --seconds 300 --hitcount 1 --name
DEFAULT --mask 255.255.255.255 --rsource -j DROP

# -t filter -A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS
--clamp-mss-to-pmtu

# -t filter -A FRAG_UDP -p udp -f -m recent --set --name DEFAULT --mask
255.255.255.255 --rsource -j DROP

# -t filter -A IN_SANITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE
-m recent --set --name DEFAULT --mask 255.255.255.255 --rsource -j DROP

# -t filter -A IN_SANITY -p tcp -m tcp --tcp-option 64 -j DROP

# -t filter -A PZERO -p tcp -m tcp --dport 0 -m recent --set --name DEFAULT
--mask 255.255.255.255 --rsource -j DROP

# -t filter -A RABPSCAN -p tcp -m tcp --dport 1 -m recent --set --name DEFAULT
--mask 255.255.255.255 --rsource -j DROP

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20191009/aae2273f/attachment.html>

More information about the netfilter-buglog mailing list