bugzilla-daemon at netfilter.org
2019-Oct-09 11:27 UTC
[Bug 1370] New: iptables-restore-translate
https://bugzilla.netfilter.org/show_bug.cgi?id=1370

Bug ID: 1370
Summary: iptables-restore-translate
Product: nftables
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: tad1073 at gmail.com

Created attachment 571
  --> https://bugzilla.netfilter.org/attachment.cgi?id=571&action=edit
Untranslatable Rules

There are some rules that could not be translated, and I don't know enough about nftables to translate them by hand. Could I get some help with those rules?

# -t mangle -A PREROUTING -p tcp -m tcp --sport 53 -j TOS --set-tos 0x04/0xff
# -t mangle -A PREROUTING -p tcp -m tcp --sport 512:65535 -j TOS --set-tos 0x10/0xff
# -t mangle -A POSTROUTING -d 199.201.233.88/32 -p tcp -j ECN --ecn-tcp-remove
# -t mangle -A POSTROUTING -p tcp -m tcp --dport 5353 -j TOS --set-tos 0x00/0xff
# -t mangle -A POSTROUTING -p tcp -m tcp --dport 512:65535 -j TOS --set-tos 0x10/0xff
# -t filter -A INPUT -m recent --update --seconds 300 --hitcount 1 --name DEFAULT --mask 255.255.255.255 --rsource -j DROP
# -t filter -A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
# -t filter -A FRAG_UDP -p udp -f -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource -j DROP
# -t filter -A IN_SANITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource -j DROP
# -t filter -A IN_SANITY -p tcp -m tcp --tcp-option 64 -j DROP
# -t filter -A PZERO -p tcp -m tcp --dport 0 -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource -j DROP
# -t filter -A RABPSCAN -p tcp -m tcp --dport 1 -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource -j DROP

--
You are receiving this mail because:
You are watching all bug changes.

bugzilla-daemon at netfilter.org
2019-Oct-09 11:31 UTC
[Bug 1370] iptables-restore-translate
https://bugzilla.netfilter.org/show_bug.cgi?id=1370

--- Comment #1 from Thomas <tad1073 at gmail.com> ---
I can manage add rule ip mangle PREROUTING tcp sport etc... but the rest I don't know.

bugzilla-daemon at netfilter.org
2019-Oct-11 13:32 UTC
[Bug 1370] iptables-restore-translate
https://bugzilla.netfilter.org/show_bug.cgi?id=1370

--- Comment #2 from Thomas <tad1073 at gmail.com> ---
add rule ip mangle prerouting tcp sport 512:65535 jump tos set tos 0x10/0xff
add rule ip mangle postrouting ip daddr 63.251.212.130/32 tcp jump ecn ecn tcp remove
add rule ip mangle postrouting ip daddr 199.201.233.88/32 jump ecn tcp remove

Is this how to translate those iptables rules to nftables?