|
Packit |
c5a612 |
:input;type filter hook input priority 0
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
*inet;test-inet;input
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
# The output is specific for inet family
|
|
Packit |
c5a612 |
reject with icmp type host-unreachable;ok;meta nfproto ipv4 reject with icmp type host-unreachable
|
|
Packit |
c5a612 |
reject with icmp type net-unreachable;ok;meta nfproto ipv4 reject with icmp type net-unreachable
|
|
Packit |
c5a612 |
reject with icmp type prot-unreachable;ok;meta nfproto ipv4 reject with icmp type prot-unreachable
|
|
Packit |
c5a612 |
reject with icmp type port-unreachable;ok;meta nfproto ipv4 reject
|
|
Packit |
c5a612 |
reject with icmp type net-prohibited;ok;meta nfproto ipv4 reject with icmp type net-prohibited
|
|
Packit |
c5a612 |
reject with icmp type host-prohibited;ok;meta nfproto ipv4 reject with icmp type host-prohibited
|
|
Packit |
c5a612 |
reject with icmp type admin-prohibited;ok;meta nfproto ipv4 reject with icmp type admin-prohibited
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
reject with icmpv6 type no-route;ok;meta nfproto ipv6 reject with icmpv6 type no-route
|
|
Packit |
c5a612 |
reject with icmpv6 type admin-prohibited;ok;meta nfproto ipv6 reject with icmpv6 type admin-prohibited
|
|
Packit |
c5a612 |
reject with icmpv6 type addr-unreachable;ok;meta nfproto ipv6 reject with icmpv6 type addr-unreachable
|
|
Packit |
c5a612 |
reject with icmpv6 type port-unreachable;ok;meta nfproto ipv6 reject
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
mark 12345 reject with tcp reset;ok;meta l4proto 6 meta mark 0x00003039 reject with tcp reset
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
reject;ok
|
|
Packit |
c5a612 |
meta nfproto ipv4 reject;ok
|
|
Packit |
c5a612 |
meta nfproto ipv6 reject;ok
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
reject with icmpx type host-unreachable;ok
|
|
Packit |
c5a612 |
reject with icmpx type no-route;ok
|
|
Packit |
c5a612 |
reject with icmpx type admin-prohibited;ok
|
|
Packit |
c5a612 |
reject with icmpx type port-unreachable;ok;reject
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
meta nfproto ipv4 reject with icmp type host-unreachable;ok
|
|
Packit |
c5a612 |
meta nfproto ipv6 reject with icmpv6 type no-route;ok
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
meta nfproto ipv6 reject with icmp type host-unreachable;fail
|
|
Packit |
c5a612 |
meta nfproto ipv4 ip protocol icmp reject with icmpv6 type no-route;fail
|
|
Packit |
c5a612 |
meta nfproto ipv6 ip protocol icmp reject with icmp type host-unreachable;fail
|
|
Packit |
c5a612 |
meta l4proto udp reject with tcp reset;fail
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
meta nfproto ipv4 reject with icmpx type admin-prohibited;ok
|
|
Packit |
c5a612 |
meta nfproto ipv6 reject with icmpx type admin-prohibited;ok
|