Commit Graph

3 Commits

Author SHA1 Message Date
Zhe Weng
f620353507 system/iptables: Support ip6tables & filter table
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2024-06-21 10:16:01 +08:00
Zhe Weng
8ae06462eb system/iptables: Support filter table
Add support for the filter table; usage is the same as Linux's iptables, including:
- [!] -p/--protocol
- [!] -s/--source -d/--destination
- [!] -i/--in-interface -o/--out-interface
- [!] --sport/--source-port --dport/--destination-port
- [!] --icmp-type

Examples:
> iptables -P FORWARD DROP
> iptables -I INPUT -i eth0 ! -p icmp -j DROP
> iptables -t filter -A FORWARD -p tcp -s 10.0.1.2/24 -d 10.0.3.4/24 -i eth0 -o eth1 --sport 3000:3200 --dport 123:65535 -j ACCEPT
> iptables -t filter -I FORWARD 2 -p icmp ! -s 123.123.123.123 ! -i eth0 -o eth1 ! --icmp-type 255 -j REJECT

> iptables -L
Chain INPUT (policy ACCEPT)
target        prot  idev  odev  source              destination
DROP         !icmp  eth0  any   anywhere            anywhere

Chain FORWARD (policy DROP)
target        prot  idev  odev  source              destination
ACCEPT        tcp   eth0  eth1  10.0.1.2/24         10.0.3.4/24        tcp spts:3000:3200 dpts:123:65535
REJECT        icmp !eth0  eth1 !123.123.123.123/32  anywhere           icmp !type 255

Chain OUTPUT (policy ACCEPT)
target        prot  idev  odev  source              destination

Note:
- We're dropping the dependency on argtable3, since it is difficult to support commands like '! -p tcp ! -i eth0'

Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2024-06-21 10:16:01 +08:00
Zhe Weng
19958f0428 apps/system: Add iptables command.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2022-12-29 14:26:41 +08:00