Home
last modified time | relevance | path

Searched refs:iptables (Results 1 – 25 of 35) sorted by relevance

12

/linux/tools/testing/selftests/net/netfilter/
H A Drpath.sh8 if iptables-legacy --version >/dev/null 2>&1; then
9 iptables='iptables-legacy'
10 elif iptables --version >/dev/null 2>&1; then
11 iptables='iptables'
13 iptables=''
30 if [ -z "$iptables$ip6tables$nft" ]; then
75 [ -n "$iptables" ] && {
78 if ! ip netns exec "$ns2" "$iptables" $common -m rpfilter;then
82 ip netns exec "$ns2" "$iptables" $common -m rpfilter --invert
136 [ -n "$iptables" ] && ip netns exec "$ns2" "$iptables" -t raw -Z
[all …]
H A Dxt_string.sh39 iptables -A OUTPUT -o d0 -m string \
43 ip netns exec "$netns" iptables -v -S OUTPUT | grep '^-A'
46 ip netns exec "$netns" iptables -Z OUTPUT
H A Dnf_nat_edemux.sh47 ip netns exec "$ns2" iptables -t nat -A OUTPUT -d 10.96.0.1/32 -p tcp --dport 443 -j DNAT --to-dest…
71 ip netns exec "$ns1" iptables -t nat -A PREROUTING -p tcp --dport 5202 -j REDIRECT --to-ports 5201
72 ip netns exec "$ns1" iptables -t nat -A PREROUTING -p tcp --dport 5203 -j REDIRECT --to-ports 5201
H A Dconntrack_sctp_collision.sh58 ip net exec "$ROUTER_NS" iptables -A FORWARD -m state --state INVALID,UNTRACKED -j DROP
59 ip net exec "$ROUTER_NS" iptables -A INPUT -p sctp -j DROP
H A Dbr_netfilter_queue.sh54 sysctl net.bridge.bridge-nf-call-iptables=1 || exit 1
H A Dconntrack_ipip_mtu.sh190 ip netns exec "$r_a" iptables -A FORWARD -m conntrack --ctstate NEW
H A Dbr_netfilter.sh110 if ! ip netns exec "$ns0" sysctl -q net.bridge.bridge-nf-call-iptables=1; then
/linux/Documentation/networking/
H A Dtproxy.rst19 # iptables -t mangle -N DIVERT
20 # iptables -t mangle -A PREROUTING -p tcp -m socket --transparent -j DIVERT
21 # iptables -t mangle -A DIVERT -j MARK --set-mark 1
22 # iptables -t mangle -A DIVERT -j ACCEPT
59 usually done with the iptables REDIRECT target; however, there are serious
67 add rules like this to the iptables ruleset above::
69 # iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY \
87 To use tproxy you'll need to have the following modules compiled for iptables:
105 the HTTP listener you redirect traffic to with the TPROXY iptables
H A Dbridge.rst258 packets with iptables and ip6tables. Its use is discouraged. Users should
270 br_netfilter is also the reason for the iptables *physdev* match:
272 apart in an iptables ruleset.
275 iptables/ip6tables/arptables do not work for bridged traffic because they
283 iptables matching capabilities (including conntrack). nftables doesn't have
/linux/tools/testing/selftests/net/netfilter/packetdrill/
H A Dconntrack_inexact_rst.pkt17 +0 `iptables -A INPUT -p tcp -m conntrack --ctstate INVALID -j DROP`
18 +0 `iptables -A OUTPUT -p tcp -m conntrack --ctstate INVALID -j DROP`
61 +0 `iptables -v -S INPUT | grep INVALID | grep -q -- "-c 0 0"`
62 +0 `iptables -v -S OUTPUT | grep INVALID | grep -q -- "-c 0 0"`
H A Dconntrack_synack_reuse.pkt8 +0 `iptables -A INPUT -m conntrack --ctstate INVALID -p tcp --tcp-flags SYN,ACK SYN,ACK`
34 +0 `iptables -v -S INPUT | grep INVALID | grep -q -- "-c 0 0"`
/linux/Documentation/admin-guide/cgroup-v1/
H A Dnet_cls.rst10 Also, Netfilter (iptables) can use this tag to perform
42 configuring iptables, basic example::
44 iptables -A OUTPUT -m cgroup ! --cgroup 0x100001 -j DROP
/linux/tools/testing/selftests/bpf/prog_tests/
H A Dbpf_nf.c52 const char *iptables = "iptables-legacy -t raw %s PREROUTING -j CONNMARK --set-mark 42/0"; in test_bpf_nf_ct() local
71 snprintf(cmd, sizeof(cmd), iptables, "-A"); in test_bpf_nf_ct()
140 snprintf(cmd, sizeof(cmd), iptables, "-D"); in test_bpf_nf_ct()
/linux/tools/testing/selftests/net/
H A Dxfrm_policy.sh185 ip netns exec $ns iptables-save -c |grep policy | ( read c rest
186 ip netns exec $ns iptables -Z
343 iptables --version 2>/dev/null >/dev/null
402 ip netns exec ${ns[3]} iptables -p icmp -A FORWARD -m policy --dir out --pol ipsec
403 ip netns exec ${ns[4]} iptables -p icmp -A FORWARD -m policy --dir out --pol ipsec
H A Dudpgro_fwd.sh112 local ipt=iptables
198 IPT=iptables
H A Dudpgro.sh79 ipt_cmd=iptables
H A Dsrv6_end_dx4_netfilter_test.sh204 ip netns exec ${nsname} iptables -t raw -A PREROUTING -m rpfilter --invert -j DROP
H A Damt.sh168 ip netns exec "${RELAY}" iptables -t mangle -I PREROUTING \
/linux/samples/bpf/
H A Drun_cookie_uid_helper_example.sh8 iptables -D OUTPUT -m bpf --object-pinned ${mnt_dir}/bpf_prog -j ACCEPT
/linux/net/bridge/
H A DKconfig25 If you enable iptables support along with the bridge support then you
27 iptables will then see the IP packets being bridged, so you need to
/linux/tools/testing/selftests/wireguard/qemu/
H A DMakefile43 $(eval $(call tar_download,IPTABLES,iptables,1.8.7,.tar.bz2,https://www.netfilter.org/projects/ipta…
341 …)/bash $(IPROUTE2_PATH)/misc/ss $(IPROUTE2_PATH)/ip/ip $(IPTABLES_PATH)/iptables/xtables-legacy-mu…
430 $(IPTABLES_PATH)/iptables/xtables-legacy-multi: | $(IPTABLES_PATH)/.installed $(USERSPACE_DEPS)
/linux/net/netfilter/
H A DKconfig435 controlled by iptables, ip6tables or nft.
824 This option adds a `CHECKSUM' target, which can be used in the iptables mangle
830 This target can be used to fill in the checksum using iptables
954 iptables -A INPUT -p tcp --dport 22 -j LED --led-trigger-id ssh --led-delay 1000
969 any iptables table which records the packet header to the syslog.
1093 For it to work you will have to configure certain iptables rules
1143 iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
1202 If you say Y or M here, try `iptables -m cluster --help` for
1210 comments in your iptables ruleset.
1285 With this option enabled, you will be able to use the iptables
[all …]
/linux/Documentation/
H A DChanges58 iptables 1.4.2 iptables -V
338 kernel series (iptables). It still includes backwards-compatibility modules
557 - <https://netfilter.org/projects/iptables/index.html>
/linux/net/can/
H A DKconfig54 by the netlink configuration interface known e.g. from iptables.
/linux/net/
H A DKconfig201 a bridge with Network packet filtering enabled makes iptables "see"
209 <file:Documentation/Changes> under "iptables" for the location of
233 Enabling this option will let arptables resp. iptables see bridged

12