Difference between revisions of "List of available translations via iptables-translate tool"
(→xt) |
m (Add owner to translatable extensions. See commit 3d7d1afe4 in iptables-extensions repo) |
||
(13 intermediate revisions by 3 users not shown) | |||
Line 4: | Line 4: | ||
====xt==== | ====xt==== | ||
* addrtype | |||
* ipcomp | |||
* comment | * comment | ||
* connlabel | |||
* connmark | * connmark | ||
* conntrack | |||
* cpu | * cpu | ||
* dccp | |||
* devgroup | * devgroup | ||
* dscp | * dscp | ||
* ecn | |||
* esp | * esp | ||
* helper | * helper | ||
Line 16: | Line 22: | ||
* mac | * mac | ||
* mark | * mark | ||
* owner | |||
* pkttype | * pkttype | ||
* state | * state | ||
Line 38: | Line 45: | ||
====xt==== | ====xt==== | ||
* CLASSIFY | |||
* NFLOG | * NFLOG | ||
* NFQUEUE | * NFQUEUE | ||
* MARK | |||
* TEE | * TEE | ||
* TRACE | * TRACE | ||
Line 63: | Line 72: | ||
Following '''matches''' and '''targets''' are yet to be translated: | Following '''matches''' and '''targets''' are yet to be translated: | ||
== | == Partially translatable extensions == | ||
=== Matches === | === Matches === | ||
====xt==== | ====xt==== | ||
* multiport | * multiport | ||
[Waiting for support of --ports] | [Waiting for support of --ports] | ||
* owner | * owner | ||
[Waiting for support of --socket-exists] | [Waiting for support of --socket-exists] | ||
* sctp | * sctp | ||
[Waiting for support of --chunk-types] | [Waiting for support of --chunk-types] | ||
* | * time | ||
[Waiting for support | [Waiting for support of --monthdays] | ||
====ip==== | ====ip==== | ||
Line 100: | Line 92: | ||
*icmp6 | *icmp6 | ||
[Waiting for support of packet types] | [Waiting for support of packet types] | ||
* rt | * rt | ||
[Waiting for support of --rt-0-res, --rt-0-addrs, --rt-0-not-strict] (partial translations available) | [Waiting for support of --rt-0-res, --rt-0-addrs, --rt-0-not-strict] (partial translations available) | ||
Line 106: | Line 97: | ||
=== Targets === | === Targets === | ||
====xt==== | ====xt==== | ||
* CONNMARK | * CONNMARK | ||
[Waiting for support of --save-mark, --restore-mark, --set-mark and --set-xmark] (partial translations available)<br/> | [Waiting for support of --save-mark, --restore-mark, --set-mark and --set-xmark] (partial translations available)<br/> | ||
Line 123: | Line 109: | ||
* LOG | * LOG | ||
[Waiting for support of log-tcp-sequence, log-tcp-options, log-ip-options, log-uid, log-macdecode] (partial translations available) | [Waiting for support of log-tcp-sequence, log-tcp-options, log-ip-options, log-uid, log-macdecode] (partial translations available) | ||
== Untranslatable extensions == | |||
=== Matches === | |||
====xt==== | |||
* cgroup | |||
[Waiting for support of cgroup2 path-based in nft] | |||
* set | |||
[Waiting for support] | |||
: Suggestions for adding support: | |||
:* Add counters to each element of a set. A counter contains the number of packets that matched an element and the total number of bytes. There must be the option of enabling or disabling the update of counters' values at will. Also counters' values must be accesible in order to do comparisons. | |||
:* Sets must include different types of elements. Sets must have support for the "nomatch" flag. | |||
[[User:Robgc|Robgc]] ([[User talk:Robgc|talk]]) 21:48, 21 September 2016 (CEST) | |||
====ip6==== | |||
* ipv6header |
Latest revision as of 15:27, 5 February 2020
The following matches and targets (in alphabetic order) can be fully translated via iptables-translate tool:
Translatable extensions
Matches
xt
- addrtype
- ipcomp
- comment
- connlabel
- connmark
- conntrack
- cpu
- dccp
- devgroup
- dscp
- ecn
- esp
- helper
- iprange
- length
- limit
- mac
- mark
- owner
- pkttype
- state
- tcp
- udp
ip
- ah
- realm
- ttl
ip6
- ah
- frag
- hbh
- hl
- mh
Targets
xt
- CLASSIFY
- NFLOG
- NFQUEUE
- MARK
- TEE
- TRACE
ip
- DNAT
- MASQUERADE
- REDIRECT
- REJECT
- SNAT
ip6
- DNAT
- MASQUERADE
- REDIRECT
- REJECT
- SNAT
Following matches and targets are yet to be translated:
Partially translatable extensions
Matches
xt
- multiport
[Waiting for support of --ports]
- owner
[Waiting for support of --socket-exists]
- sctp
[Waiting for support of --chunk-types]
- time
[Waiting for support of --monthdays]
ip
- icmp
[Waiting for support of packet types]
ip6
- icmp6
[Waiting for support of packet types]
- rt
[Waiting for support of --rt-0-res, --rt-0-addrs, --rt-0-not-strict] (partial translations available)
Targets
xt
- CONNMARK
[Waiting for support of --save-mark, --restore-mark, --set-mark and --set-xmark] (partial translations available)
If --set-mark is used you must only specify the mark.
If --set-xmark is used you must specify the mark and the mask.
ip
- LOG
[Waiting for support of log-tcp-sequence, log-tcp-options, log-ip-options, log-uid, log-macdecode] (partial translations available)
ip6
- LOG
[Waiting for support of log-tcp-sequence, log-tcp-options, log-ip-options, log-uid, log-macdecode] (partial translations available)
Untranslatable extensions
Matches
xt
- cgroup
[Waiting for support of cgroup2 path-based in nft]
- set
[Waiting for support]
- Suggestions for adding support:
- Add counters to each element of a set. A counter contains the number of packets that matched an element and the total number of bytes. There must be the option of enabling or disabling the update of counters' values at will. Also counters' values must be accesible in order to do comparisons.
- Sets must include different types of elements. Sets must have support for the "nomatch" flag.
Robgc (talk) 21:48, 21 September 2016 (CEST)
ip6
- ipv6header