Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a82783c9 authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso
Browse files

netfilter: ip6t_NPT: restrict to mangle table 



As the translation is stateless, using it in nat table
doesn't work (only initial packet is translated).
filter table OUTPUT works but won't re-route the packet after translation.

Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent bae99f7a

net/ipv6/netfilter/ip6t_NPT.c

+2 −0
Original line number Diff line number Diff line
@@ -114,6 +114,7 @@ ip6t_dnpt_tg(struct sk_buff *skb, const struct xt_action_param *par) 
static struct xt_target ip6t_npt_target_reg[] __read_mostly = {

	{

		.name		= "SNPT",

		.table		= "mangle",

		.target		= ip6t_snpt_tg,

		.targetsize	= sizeof(struct ip6t_npt_tginfo),

		.checkentry	= ip6t_npt_checkentry,
@@ -124,6 +125,7 @@ static struct xt_target ip6t_npt_target_reg[] __read_mostly = { 
	},

	{

		.name		= "DNPT",

		.table		= "mangle",

		.target		= ip6t_dnpt_tg,

		.targetsize	= sizeof(struct ip6t_npt_tginfo),

		.checkentry	= ip6t_npt_checkentry,