Home
last modified time | relevance | path

Searched refs:iptables (Results 1 – 25 of 45) sorted by relevance

12

/linux/tools/testing/selftests/net/netfilter/
A Drpath.sh8 if iptables-legacy --version >/dev/null 2>&1; then
9 iptables='iptables-legacy'
10 elif iptables --version >/dev/null 2>&1; then
11 iptables='iptables'
13 iptables=''
30 if [ -z "$iptables$ip6tables$nft" ]; then
65 [ -n "$iptables" ] && {
67 if ! ip netns exec "$ns2" "$iptables" $common -m rpfilter;then
71 ip netns exec "$ns2" "$iptables" $common -m rpfilter --invert
122 [ -n "$iptables" ] && ip netns exec "$ns2" "$iptables" -t raw -Z
[all …]
A Dxt_string.sh39 iptables -A OUTPUT -o d0 -m string \
43 ip netns exec "$netns" iptables -v -S OUTPUT | grep '^-A'
46 ip netns exec "$netns" iptables -Z OUTPUT
A Dnf_nat_edemux.sh47 ip netns exec "$ns2" iptables -t nat -A OUTPUT -d 10.96.0.1/32 -p tcp --dport 443 -j DNAT --to-dest…
71 ip netns exec "$ns1" iptables -t nat -A PREROUTING -p tcp --dport 5202 -j REDIRECT --to-ports 5201
72 ip netns exec "$ns1" iptables -t nat -A PREROUTING -p tcp --dport 5203 -j REDIRECT --to-ports 5201
A Dconntrack_sctp_collision.sh58 ip net exec "$ROUTER_NS" iptables -A FORWARD -m state --state INVALID,UNTRACKED -j DROP
59 ip net exec "$ROUTER_NS" iptables -A INPUT -p sctp -j DROP
A Dbr_netfilter_queue.sh48 sysctl net.bridge.bridge-nf-call-iptables=1 || exit 1
/linux/Documentation/networking/
A Dtproxy.rst19 # iptables -t mangle -N DIVERT
20 # iptables -t mangle -A PREROUTING -p tcp -m socket --transparent -j DIVERT
21 # iptables -t mangle -A DIVERT -j MARK --set-mark 1
22 # iptables -t mangle -A DIVERT -j ACCEPT
59 usually done with the iptables REDIRECT target; however, there are serious
67 add rules like this to the iptables ruleset above::
69 # iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY \
87 To use tproxy you'll need to have the following modules compiled for iptables:
105 the HTTP listener you redirect traffic to with the TPROXY iptables
A Dbridge.rst258 packets with iptables and ip6tables. Its use is discouraged. Users should
270 br_netfilter is also the reason for the iptables *physdev* match:
272 apart in an iptables ruleset.
275 iptables/ip6tables/arptables do not work for bridged traffic because they
283 iptables matching capabilities (including conntrack). nftables doesn't have
/linux/tools/testing/selftests/net/netfilter/packetdrill/
A Dconntrack_inexact_rst.pkt17 +0 `iptables -A INPUT -p tcp -m conntrack --ctstate INVALID -j DROP`
18 +0 `iptables -A OUTPUT -p tcp -m conntrack --ctstate INVALID -j DROP`
61 +0 `iptables -v -S INPUT | grep INVALID | grep -q -- "-c 0 0"`
62 +0 `iptables -v -S OUTPUT | grep INVALID | grep -q -- "-c 0 0"`
A Dconntrack_synack_reuse.pkt8 +0 `iptables -A INPUT -m conntrack --ctstate INVALID -p tcp --tcp-flags SYN,ACK SYN,ACK`
34 +0 `iptables -v -S INPUT | grep INVALID | grep -q -- "-c 0 0"`
/linux/Documentation/admin-guide/cgroup-v1/
A Dnet_cls.rst10 Also, Netfilter (iptables) can use this tag to perform
42 configuring iptables, basic example::
44 iptables -A OUTPUT -m cgroup ! --cgroup 0x100001 -j DROP
/linux/tools/testing/selftests/net/mptcp/
A Dmptcp_sockopt.sh18 iptables="iptables"
53 for t in ${iptables} ${ip6tables}; do
108 mptcp_lib_check_tools ip "${iptables}" "${ip6tables}"
115 local tables=${iptables}
/linux/net/ipv4/netfilter/
A DKconfig128 iptables is a general, extensible packet identification framework.
184 local output. See the man page for iptables(8).
215 tristate "iptables NAT support"
222 This enables the `nat' table in iptables. This allows masquerading,
263 This option adds a `mangle' table to iptables: see the man page for
264 iptables(8). This table is used for various packet alterations
274 This option adds a `ECN' target, which can be used in the iptables mangle
298 This option adds a `raw' table to iptables. This table is the very
312 This option adds a `security' table to iptables, for use
/linux/tools/testing/selftests/bpf/prog_tests/
A Dbpf_nf.c52 const char *iptables = "iptables-legacy -t raw %s PREROUTING -j CONNMARK --set-mark 42/0"; in test_bpf_nf_ct() local
71 snprintf(cmd, sizeof(cmd), iptables, "-A"); in test_bpf_nf_ct()
140 snprintf(cmd, sizeof(cmd), iptables, "-D"); in test_bpf_nf_ct()
/linux/tools/testing/selftests/wireguard/
A Dnetns.sh199 n0 iptables -A INPUT -m length --length 1360 -j DROP
205 n0 iptables -F INPUT
337 n0 iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 10.0.0.0/24 -j SNAT --to 10.0.0.1
351 n1 iptables -t mangle -I OUTPUT -j MARK --set-xmark 1
354 n1 iptables -t mangle -D OUTPUT -j MARK --set-xmark 1
388 n2 iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -d 192.168.241.0/24 -j SNAT --to 192.168.241.2
389 n0 iptables -t filter -A INPUT \! -s 10.0.0.0/24 -i vethrs -j DROP # Manual rpfilter just to be exp…
395 n0 iptables -t nat -F
396 n0 iptables -t filter -F
397 n2 iptables -t nat -F
/linux/samples/bpf/
A Drun_cookie_uid_helper_example.sh8 iptables -D OUTPUT -m bpf --object-pinned ${mnt_dir}/bpf_prog -j ACCEPT
/linux/tools/testing/selftests/net/
A Dxfrm_policy.sh185 ip netns exec $ns iptables-save -c |grep policy | ( read c rest
186 ip netns exec $ns iptables -Z
343 iptables --version 2>/dev/null >/dev/null
402 ip netns exec ${ns[3]} iptables -p icmp -A FORWARD -m policy --dir out --pol ipsec
403 ip netns exec ${ns[4]} iptables -p icmp -A FORWARD -m policy --dir out --pol ipsec
A Dudpgro_fwd.sh112 local ipt=iptables
198 IPT=iptables
A Dudpgro.sh79 ipt_cmd=iptables
/linux/net/bridge/
A DKconfig25 If you enable iptables support along with the bridge support then you
27 iptables will then see the IP packets being bridged, so you need to
/linux/net/ipv6/netfilter/
A DKconfig198 local output. See the man page for iptables(8).
232 This option adds a `mangle' table to iptables: see the man page for
233 iptables(8). This table is used for various packet alterations
256 This option adds a `security' table to iptables, for use
/linux/net/bridge/netfilter/
A DKconfig139 equivalent of the iptables limit match.
149 This value is the same as the one used in the iptables mark match and
204 This value is the same as the one used in the iptables mark match and
/linux/tools/testing/selftests/wireguard/qemu/
A DMakefile43 $(eval $(call tar_download,IPTABLES,iptables,1.8.7,.tar.bz2,https://www.netfilter.org/projects/ipta…
341 …)/bash $(IPROUTE2_PATH)/misc/ss $(IPROUTE2_PATH)/ip/ip $(IPTABLES_PATH)/iptables/xtables-legacy-mu…
430 $(IPTABLES_PATH)/iptables/xtables-legacy-multi: | $(IPTABLES_PATH)/.installed $(USERSPACE_DEPS)
/linux/net/netfilter/
A DKconfig435 controlled by iptables, ip6tables or nft.
830 This target can be used to fill in the checksum using iptables
1093 For it to work you will have to configure certain iptables rules
1143 iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
1202 If you say Y or M here, try `iptables -m cluster --help` for
1210 comments in your iptables ruleset.
1285 With this option enabled, you will be able to use the iptables
1514 iptables -A INPUT -m pkttype --pkt-type broadcast -j LOG
1544 key from the routing subsystem inside iptables.
1559 Short options are available by using 'iptables -m recent -h'
[all …]
/linux/Documentation/translations/it_IT/process/
A Dchanges.rst61 iptables 1.4.2 iptables -V
313 strumenti come nelle versioni del kernel antecedenti la 2.4.x (iptables).
522 - <https://netfilter.org/projects/iptables/index.html>
/linux/Documentation/process/
A Dchanges.rst58 iptables 1.4.2 iptables -V
339 kernel series (iptables). It still includes backwards-compatibility modules
563 - <https://netfilter.org/projects/iptables/index.html>

Completed in 47 milliseconds

12