| /linux/tools/testing/selftests/net/netfilter/ |
| H A D | rpath.sh | 8 if iptables-legacy --version >/dev/null 2>&1; then
9 iptables='iptables-legacy'
10 elif iptables --version >/dev/null 2>&1; then
11 iptables='iptables'
13 iptables=''
30 if [ -z "$iptables$ip6tables$nft" ]; then
75 [ -n "$iptables" ] && {
78 if ! ip netns exec "$ns2" "$iptables" $common -m rpfilter;then
82 ip netns exec "$ns2" "$iptables" $common -m rpfilter --invert
136 [ -n "$iptables" ] && ip netns exec "$ns2" "$iptables" -t raw -Z
[all …]
|
| H A D | xt_string.sh | 39 iptables -A OUTPUT -o d0 -m string \
43 ip netns exec "$netns" iptables -v -S OUTPUT | grep '^-A'
46 ip netns exec "$netns" iptables -Z OUTPUT
|
| H A D | nf_nat_edemux.sh | 47 ip netns exec "$ns2" iptables -t nat -A OUTPUT -d 10.96.0.1/32 -p tcp --dport 443 -j DNAT --to-dest…
71 ip netns exec "$ns1" iptables -t nat -A PREROUTING -p tcp --dport 5202 -j REDIRECT --to-ports 5201
72 ip netns exec "$ns1" iptables -t nat -A PREROUTING -p tcp --dport 5203 -j REDIRECT --to-ports 5201
|
| H A D | conntrack_sctp_collision.sh | 58 ip net exec "$ROUTER_NS" iptables -A FORWARD -m state --state INVALID,UNTRACKED -j DROP
59 ip net exec "$ROUTER_NS" iptables -A INPUT -p sctp -j DROP
|
| H A D | br_netfilter_queue.sh | 48 sysctl net.bridge.bridge-nf-call-iptables=1 || exit 1
|
| H A D | conntrack_ipip_mtu.sh | 190 ip netns exec "$r_a" iptables -A FORWARD -m conntrack --ctstate NEW
|
| H A D | br_netfilter.sh | 104 if ! ip netns exec "$ns0" sysctl -q net.bridge.bridge-nf-call-iptables=1; then
|
| /linux/Documentation/networking/ |
| H A D | tproxy.rst | 19 # iptables -t mangle -N DIVERT
20 # iptables -t mangle -A PREROUTING -p tcp -m socket --transparent -j DIVERT
21 # iptables -t mangle -A DIVERT -j MARK --set-mark 1
22 # iptables -t mangle -A DIVERT -j ACCEPT
59 usually done with the iptables REDIRECT target; however, there are serious
67 add rules like this to the iptables ruleset above::
69 # iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY \
87 To use tproxy you'll need to have the following modules compiled for iptables:
105 the HTTP listener you redirect traffic to with the TPROXY iptables
|
| H A D | bridge.rst | 258 packets with iptables and ip6tables. Its use is discouraged. Users should
270 br_netfilter is also the reason for the iptables *physdev* match:
272 apart in an iptables ruleset.
275 iptables/ip6tables/arptables do not work for bridged traffic because they
283 iptables matching capabilities (including conntrack). nftables doesn't have
|
| /linux/tools/testing/selftests/net/netfilter/packetdrill/ |
| H A D | conntrack_inexact_rst.pkt | 17 +0 `iptables -A INPUT -p tcp -m conntrack --ctstate INVALID -j DROP`
18 +0 `iptables -A OUTPUT -p tcp -m conntrack --ctstate INVALID -j DROP`
61 +0 `iptables -v -S INPUT | grep INVALID | grep -q -- "-c 0 0"`
62 +0 `iptables -v -S OUTPUT | grep INVALID | grep -q -- "-c 0 0"`
|
| H A D | conntrack_synack_reuse.pkt | 8 +0 `iptables -A INPUT -m conntrack --ctstate INVALID -p tcp --tcp-flags SYN,ACK SYN,ACK`
34 +0 `iptables -v -S INPUT | grep INVALID | grep -q -- "-c 0 0"`
|
| /linux/Documentation/admin-guide/cgroup-v1/ |
| H A D | net_cls.rst | 10 Also, Netfilter (iptables) can use this tag to perform
42 configuring iptables, basic example::
44 iptables -A OUTPUT -m cgroup ! --cgroup 0x100001 -j DROP
|
| /linux/tools/testing/selftests/net/mptcp/ |
| H A D | mptcp_sockopt.sh | 18 iptables="iptables"
53 for t in ${iptables} ${ip6tables}; do
108 mptcp_lib_check_tools ip "${iptables}" "${ip6tables}"
115 local tables=${iptables}
|
| /linux/tools/testing/selftests/bpf/prog_tests/ |
| H A D | bpf_nf.c | 52 const char *iptables = "iptables-legacy -t raw %s PREROUTING -j CONNMARK --set-mark 42/0"; in test_bpf_nf_ct() local
71 snprintf(cmd, sizeof(cmd), iptables, "-A"); in test_bpf_nf_ct()
140 snprintf(cmd, sizeof(cmd), iptables, "-D"); in test_bpf_nf_ct()
|
| /linux/tools/testing/selftests/wireguard/ |
| H A D | netns.sh | 199 n0 iptables -A INPUT -m length --length 1360 -j DROP
205 n0 iptables -F INPUT
338 n0 iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 10.0.0.0/24 -j SNAT --to 10.0.0.1
352 n1 iptables -t mangle -I OUTPUT -j MARK --set-xmark 1
355 n1 iptables -t mangle -D OUTPUT -j MARK --set-xmark 1
389 n2 iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -d 192.168.241.0/24 -j SNAT --to 192.168.241.2
390 n0 iptables -t filter -A INPUT \! -s 10.0.0.0/24 -i vethrs -j DROP # Manual rpfilter just to be explicit.
396 n0 iptables -t nat -F
397 n0 iptables -t filter -F
398 n2 iptables
[all...] |
| /linux/tools/testing/selftests/net/ |
| H A D | xfrm_policy.sh | 185 ip netns exec $ns iptables-save -c |grep policy | ( read c rest
186 ip netns exec $ns iptables -Z
343 iptables --version 2>/dev/null >/dev/null
402 ip netns exec ${ns[3]} iptables -p icmp -A FORWARD -m policy --dir out --pol ipsec
403 ip netns exec ${ns[4]} iptables -p icmp -A FORWARD -m policy --dir out --pol ipsec
|
| H A D | udpgro_fwd.sh | 112 local ipt=iptables
198 IPT=iptables
|
| H A D | udpgro.sh | 79 ipt_cmd=iptables
|
| H A D | srv6_end_dx4_netfilter_test.sh | 204 ip netns exec ${nsname} iptables -t raw -A PREROUTING -m rpfilter --invert -j DROP
|
| /linux/samples/bpf/ |
| H A D | run_cookie_uid_helper_example.sh | 8 iptables -D OUTPUT -m bpf --object-pinned ${mnt_dir}/bpf_prog -j ACCEPT
|
| /linux/net/bridge/ |
| H A D | Kconfig | 25 If you enable iptables support along with the bridge support then you
27 iptables will then see the IP packets being bridged, so you need to
|
| /linux/tools/testing/selftests/wireguard/qemu/ |
| H A D | Makefile | 43 $(eval $(call tar_download,IPTABLES,iptables,1.8.7,.tar.bz2,https://www.netfilter.org/projects/ipta…
341 …)/bash $(IPROUTE2_PATH)/misc/ss $(IPROUTE2_PATH)/ip/ip $(IPTABLES_PATH)/iptables/xtables-legacy-mu…
430 $(IPTABLES_PATH)/iptables/xtables-legacy-multi: | $(IPTABLES_PATH)/.installed $(USERSPACE_DEPS)
|
| /linux/net/netfilter/ |
| H A D | Kconfig | 435 controlled by iptables, ip6tables or nft.
824 This option adds a `CHECKSUM' target, which can be used in the iptables mangle
830 This target can be used to fill in the checksum using iptables
954 iptables -A INPUT -p tcp --dport 22 -j LED --led-trigger-id ssh --led-delay 1000
969 any iptables table which records the packet header to the syslog.
1093 For it to work you will have to configure certain iptables rules
1143 iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
1202 If you say Y or M here, try `iptables -m cluster --help` for
1210 comments in your iptables ruleset.
1285 With this option enabled, you will be able to use the iptables
[all …]
|
| /linux/Documentation/process/ |
| H A D | changes.rst | 58 iptables 1.4.2 iptables -V
339 kernel series (iptables). It still includes backwards-compatibility modules
563 - <https://netfilter.org/projects/iptables/index.html>
|
| /linux/Documentation/ |
| H A D | Changes | 58 iptables 1.4.2 iptables -V
339 kernel series (iptables). It still includes backwards-compatibility modules
563 - <https://netfilter.org/projects/iptables/index.html>
|