diff options
author | Florian Westphal <fw@strlen.de> | 2013-03-11 20:11:01 +0000 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-03-15 12:58:21 +0100 |
commit | a82783c91d5dce680dbd290ebf301a520b0e72a5 (patch) | |
tree | 068433e1189f5b5f0383e896bdb36f29298f40f0 /net/ipv6 | |
parent | bae99f7a1d372374aaf9ed8910f3b825da995b36 (diff) | |
download | linux-a82783c91d5dce680dbd290ebf301a520b0e72a5.tar.gz linux-a82783c91d5dce680dbd290ebf301a520b0e72a5.tar.bz2 linux-a82783c91d5dce680dbd290ebf301a520b0e72a5.zip |
netfilter: ip6t_NPT: restrict to mangle table
As the translation is stateless, using it in nat table
doesn't work (only initial packet is translated).
filter table OUTPUT works but won't re-route the packet after translation.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/ipv6')
-rw-r--r-- | net/ipv6/netfilter/ip6t_NPT.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/net/ipv6/netfilter/ip6t_NPT.c b/net/ipv6/netfilter/ip6t_NPT.c index 83acc1405a18..33608c610276 100644 --- a/net/ipv6/netfilter/ip6t_NPT.c +++ b/net/ipv6/netfilter/ip6t_NPT.c @@ -114,6 +114,7 @@ ip6t_dnpt_tg(struct sk_buff *skb, const struct xt_action_param *par) static struct xt_target ip6t_npt_target_reg[] __read_mostly = { { .name = "SNPT", + .table = "mangle", .target = ip6t_snpt_tg, .targetsize = sizeof(struct ip6t_npt_tginfo), .checkentry = ip6t_npt_checkentry, @@ -124,6 +125,7 @@ static struct xt_target ip6t_npt_target_reg[] __read_mostly = { }, { .name = "DNPT", + .table = "mangle", .target = ip6t_dnpt_tg, .targetsize = sizeof(struct ip6t_npt_tginfo), .checkentry = ip6t_npt_checkentry, |