Difference between revisions of "Synproxy"
(Just a stub with example from nftables 0.9.3 release notes. Not ready for linking yet!)
Revision as of 23:16, 7 April 2021
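table ip foo {
    # Named synproxy objects: the TCP options the proxy announces to clients.
    synproxy https-synproxy {
        mss 1460
        wscale 7
        timestamp sack-perm
    }

    synproxy other-synproxy {
        mss 1460
        wscale 5
    }

    chain pre {
        type filter hook prerouting priority raw; policy accept;
        # Exempt incoming SYNs to port 8888 from connection tracking,
        # so they reach the synproxy rule below as untracked packets.
        tcp dport 8888 tcp flags syn notrack
    }

    chain bar {
        type filter hook forward priority filter; policy accept;
        # Select the synproxy object by source network. The rule matches the
        # untracked SYNs and the invalid-state ACKs that complete the handshake.
        ct state invalid,untracked synproxy name ip saddr map {
            192.168.1.0/24 : "https-synproxy",
            192.168.2.0/24 : "other-synproxy",
        }
    }
}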
Support for using synproxy objects in maps was added in nftables 0.9.3.