[Bug 1410] STATELESS, rules with notrack into a map
bugzilla-daemon at netfilter.org
Thu Apr 16 10:25:22 CEST 2020
https://bugzilla.netfilter.org/show_bug.cgi?id=1410
--- Comment #4 from Pablo Neira Ayuso <pablo at netfilter.org> ---
(In reply to Pablo Neira Ayuso from comment #3)
> (In reply to e.lohmann from comment #2)
> > Hi Pablo,
> >
> > thanks for your answer. No, what I like to do in RAW is the same I do in NAT
> > Pre/Post.
> >
> > dnat to ip daddr map { 1.1.1.1 : 2.2.2.2, 1.1.1.2 : 2.2.2.3 }

nft add rule raw PREROUTING ip daddr set ip daddr map { 1.1.1.1 : 2.2.2.2, 1.1.1.2 : 2.2.2.3 } notrack

If you would like to rewrite the destination address based on the existing destination IP address.

Map lookups allow for any criteria, including concatenations, e.g.

nft add rule raw PREROUTING ip daddr set ip saddr . ip daddr map { 1.1.1.1 . 2.2.2.2 : 3.3.3.3, 1.1.1.2 . 2.2.2.1 : 4.4.4.4 } notrack

In this example, if packets are coming from 1.1.1.1 and going to 2.2.2.2, then the IP destination address is rewritten to 3.3.3.3.
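
Added example, not part of the comment above and not the nftables project's own code: the concatenation rule written as a ruleset file, including the table and chain that the one-line commands presuppose. The map names (dnat_by_pair, snat_reply), the numeric priority and the reply-direction rule are assumptions for a routed setup where replies pass back through the same box.

```nft
# Constructed example ruleset; addresses are the ones used in the comment.
table ip raw {
    # Key: source address . destination address -> new destination address
    map dnat_by_pair {
        type ipv4_addr . ipv4_addr : ipv4_addr
        elements = { 1.1.1.1 . 2.2.2.2 : 3.3.3.3,
                     1.1.1.2 . 2.2.2.1 : 4.4.4.4 }
    }

    # Assumption: replies traverse this host. Without conntrack nothing
    # undoes the rewrite, so the reverse mapping has to be stated explicitly.
    # Key: source address . destination address -> new source address
    map snat_reply {
        type ipv4_addr . ipv4_addr : ipv4_addr
        elements = { 3.3.3.3 . 1.1.1.1 : 2.2.2.2,
                     4.4.4.4 . 1.1.1.2 : 2.2.2.1 }
    }

    chain PREROUTING {
        # -300 is the raw priority, i.e. before connection tracking
        type filter hook prerouting priority -300; policy accept;

        # A packet that matches no key fails the lookup, so the rest of
        # the rule (including notrack) is skipped and it stays tracked.
        ip daddr set ip saddr . ip daddr map @dnat_by_pair notrack

        # Reply direction: restore the address the client originally used.
        ip saddr set ip saddr . ip daddr map @snat_reply notrack
    }
}
```

Keeping the pairs in named maps lets entries be added or removed later without replacing the rule.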