• P
    netfilter: nf_tables: add range expression · 0f3cd9b3
    Pablo Neira Ayuso 提交于
    Inverse ranges != [a,b] are not currently possible because rules are
    composites of && operations, and we need to express this:
    
    	data < a || data > b
    
    This patch adds a new range expression. Positive ranges can be already
    through two cmp expressions:
    
    	cmp(sreg, data, >=)
    	cmp(sreg, data, <=)
    
    This new range expression provides an alternative way to express this.
    Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
    0f3cd9b3
Makefile 8.1 KB