Home
last modified time | relevance | path

Searched refs:iptables (Results 1 – 25 of 45) sorted by relevance

12

/linux-6.15/tools/testing/selftests/net/netfilter/
H A Drpath.sh8 if iptables-legacy --version >/dev/null 2>&1; then
9 iptables='iptables-legacy'
10 elif iptables --version >/dev/null 2>&1; then
11 iptables='iptables'
13 iptables=''
30 if [ -z "$iptables$ip6tables$nft" ]; then
75 [ -n "$iptables" ] && {
78 if ! ip netns exec "$ns2" "$iptables" $common -m rpfilter;then
82 ip netns exec "$ns2" "$iptables" $common -m rpfilter --invert
136 [ -n "$iptables" ] && ip netns exec "$ns2" "$iptables" -t raw -Z
[all …]
H A Dxt_string.sh39 iptables -A OUTPUT -o d0 -m string \
43 ip netns exec "$netns" iptables -v -S OUTPUT | grep '^-A'
46 ip netns exec "$netns" iptables -Z OUTPUT
H A Dnf_nat_edemux.sh47 ip netns exec "$ns2" iptables -t nat -A OUTPUT -d 10.96.0.1/32 -p tcp --dport 443 -j DNAT --to-dest…
71 ip netns exec "$ns1" iptables -t nat -A PREROUTING -p tcp --dport 5202 -j REDIRECT --to-ports 5201
72 ip netns exec "$ns1" iptables -t nat -A PREROUTING -p tcp --dport 5203 -j REDIRECT --to-ports 5201
H A Dconntrack_sctp_collision.sh58 ip net exec "$ROUTER_NS" iptables -A FORWARD -m state --state INVALID,UNTRACKED -j DROP
59 ip net exec "$ROUTER_NS" iptables -A INPUT -p sctp -j DROP
H A Dbr_netfilter_queue.sh54 sysctl net.bridge.bridge-nf-call-iptables=1 || exit 1
/linux-6.15/Documentation/networking/
H A Dtproxy.rst19 # iptables -t mangle -N DIVERT
20 # iptables -t mangle -A PREROUTING -p tcp -m socket --transparent -j DIVERT
21 # iptables -t mangle -A DIVERT -j MARK --set-mark 1
22 # iptables -t mangle -A DIVERT -j ACCEPT
59 usually done with the iptables REDIRECT target; however, there are serious
67 add rules like this to the iptables ruleset above::
69 # iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY \
87 To use tproxy you'll need to have the following modules compiled for iptables:
105 the HTTP listener you redirect traffic to with the TPROXY iptables
H A Dbridge.rst258 packets with iptables and ip6tables. Its use is discouraged. Users should
270 br_netfilter is also the reason for the iptables *physdev* match:
272 apart in an iptables ruleset.
275 iptables/ip6tables/arptables do not work for bridged traffic because they
283 iptables matching capabilities (including conntrack). nftables doesn't have
/linux-6.15/net/ipv4/netfilter/
H A DKconfig19 iptables is a legacy packet classifier.
20 This is not needed if you are using iptables over nftables
21 (iptables-nft).
134 iptables is a general, extensible packet identification framework.
190 local output. See the man page for iptables(8).
221 tristate "iptables NAT support"
228 This enables the `nat' table in iptables. This allows masquerading,
270 iptables(8). This table is used for various packet alterations
304 This option adds a `raw' table to iptables. This table is the very
318 This option adds a `security' table to iptables, for use
[all …]
/linux-6.15/tools/testing/selftests/net/netfilter/packetdrill/
H A Dconntrack_inexact_rst.pkt17 +0 `iptables -A INPUT -p tcp -m conntrack --ctstate INVALID -j DROP`
18 +0 `iptables -A OUTPUT -p tcp -m conntrack --ctstate INVALID -j DROP`
61 +0 `iptables -v -S INPUT | grep INVALID | grep -q -- "-c 0 0"`
62 +0 `iptables -v -S OUTPUT | grep INVALID | grep -q -- "-c 0 0"`
H A Dconntrack_synack_reuse.pkt8 +0 `iptables -A INPUT -m conntrack --ctstate INVALID -p tcp --tcp-flags SYN,ACK SYN,ACK`
34 +0 `iptables -v -S INPUT | grep INVALID | grep -q -- "-c 0 0"`
/linux-6.15/Documentation/admin-guide/cgroup-v1/
H A Dnet_cls.rst10 Also, Netfilter (iptables) can use this tag to perform
42 configuring iptables, basic example::
44 iptables -A OUTPUT -m cgroup ! --cgroup 0x100001 -j DROP
/linux-6.15/tools/testing/selftests/net/mptcp/
H A Dmptcp_sockopt.sh18 iptables="iptables"
53 for t in ${iptables} ${ip6tables}; do
108 mptcp_lib_check_tools ip "${iptables}" "${ip6tables}"
115 local tables=${iptables}
/linux-6.15/tools/testing/selftests/bpf/prog_tests/
H A Dbpf_nf.c52 const char *iptables = "iptables-legacy -t raw %s PREROUTING -j CONNMARK --set-mark 42/0"; in test_bpf_nf_ct() local
71 snprintf(cmd, sizeof(cmd), iptables, "-A"); in test_bpf_nf_ct()
143 snprintf(cmd, sizeof(cmd), iptables, "-D"); in test_bpf_nf_ct()
/linux-6.15/tools/testing/selftests/wireguard/
H A Dnetns.sh199 n0 iptables -A INPUT -m length --length 1360 -j DROP
205 n0 iptables -F INPUT
338 n0 iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 10.0.0.0/24 -j SNAT --to 10.0.0.1
352 n1 iptables -t mangle -I OUTPUT -j MARK --set-xmark 1
355 n1 iptables -t mangle -D OUTPUT -j MARK --set-xmark 1
389 n2 iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -d 192.168.241.0/24 -j SNAT --to 192.168.241.2
390 n0 iptables -t filter -A INPUT \! -s 10.0.0.0/24 -i vethrs -j DROP # Manual rpfilter just to be exp…
396 n0 iptables -t nat -F
397 n0 iptables -t filter -F
398 n2 iptables -t nat -F
/linux-6.15/net/ipv6/netfilter/
H A DKconfig17 This is not needed if you are using iptables over nftables
18 (iptables-nft).
205 local output. See the man page for iptables(8).
239 This option adds a `mangle' table to iptables: see the man page for
240 iptables(8). This table is used for various packet alterations
263 This option adds a `security' table to iptables, for use
/linux-6.15/tools/testing/selftests/net/
H A Dxfrm_policy.sh185 ip netns exec $ns iptables-save -c |grep policy | ( read c rest
186 ip netns exec $ns iptables -Z
343 iptables --version 2>/dev/null >/dev/null
402 ip netns exec ${ns[3]} iptables -p icmp -A FORWARD -m policy --dir out --pol ipsec
403 ip netns exec ${ns[4]} iptables -p icmp -A FORWARD -m policy --dir out --pol ipsec
H A Dudpgro_fwd.sh112 local ipt=iptables
198 IPT=iptables
H A Dudpgro.sh79 ipt_cmd=iptables
/linux-6.15/samples/bpf/
H A Drun_cookie_uid_helper_example.sh8 iptables -D OUTPUT -m bpf --object-pinned ${mnt_dir}/bpf_prog -j ACCEPT
/linux-6.15/net/bridge/
H A DKconfig25 If you enable iptables support along with the bridge support then you
27 iptables will then see the IP packets being bridged, so you need to
/linux-6.15/net/bridge/netfilter/
H A DKconfig50 (iptables-nft).
145 equivalent of the iptables limit match.
155 This value is the same as the one used in the iptables mark match and
210 This value is the same as the one used in the iptables mark match and
/linux-6.15/tools/testing/selftests/wireguard/qemu/
H A DMakefile43 $(eval $(call tar_download,IPTABLES,iptables,1.8.7,.tar.bz2,https://www.netfilter.org/projects/ipta…
341 …)/bash $(IPROUTE2_PATH)/misc/ss $(IPROUTE2_PATH)/ip/ip $(IPTABLES_PATH)/iptables/xtables-legacy-mu…
430 $(IPTABLES_PATH)/iptables/xtables-legacy-multi: | $(IPTABLES_PATH)/.installed $(USERSPACE_DEPS)
/linux-6.15/net/netfilter/
H A DKconfig435 controlled by iptables, ip6tables or nft.
830 This target can be used to fill in the checksum using iptables
1093 For it to work you will have to configure certain iptables rules
1143 iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
1202 If you say Y or M here, try `iptables -m cluster --help` for
1210 comments in your iptables ruleset.
1285 With this option enabled, you will be able to use the iptables
1514 iptables -A INPUT -m pkttype --pkt-type broadcast -j LOG
1544 key from the routing subsystem inside iptables.
1559 Short options are available by using 'iptables -m recent -h'
[all …]
/linux-6.15/Documentation/
H A DChanges58 iptables 1.4.2 iptables -V
338 kernel series (iptables). It still includes backwards-compatibility modules
557 - <https://netfilter.org/projects/iptables/index.html>
/linux-6.15/Documentation/translations/it_IT/process/
H A Dchanges.rst61 iptables 1.4.2 iptables -V
340 strumenti come nelle versioni del kernel antecedenti la 2.4.x (iptables).
549 - <https://netfilter.org/projects/iptables/index.html>

12