xref: /aosp_15_r20/external/iptables/extensions/libxt_sctp.txlate (revision a71a954618bbadd4a345637e5edcf36eec826889) 
1*a71a9546SAutomerger Merge Workeriptables-translate -A INPUT -p sctp --dport 80 -j DROP
2*a71a9546SAutomerger Merge Workernft 'add rule ip filter INPUT sctp dport 80 counter drop'
3*a71a9546SAutomerger Merge Worker
4*a71a9546SAutomerger Merge Workeriptables-translate -A INPUT -p sctp --sport 50 -j DROP
5*a71a9546SAutomerger Merge Workernft 'add rule ip filter INPUT sctp sport 50 counter drop'
6*a71a9546SAutomerger Merge Worker
7*a71a9546SAutomerger Merge Workeriptables-translate -A INPUT -p sctp ! --dport 80 -j DROP
8*a71a9546SAutomerger Merge Workernft 'add rule ip filter INPUT sctp dport != 80 counter drop'
9*a71a9546SAutomerger Merge Worker
10*a71a9546SAutomerger Merge Workeriptables-translate -A INPUT -p sctp ! --sport 50 -j DROP
11*a71a9546SAutomerger Merge Workernft 'add rule ip filter INPUT sctp sport != 50 counter drop'
12*a71a9546SAutomerger Merge Worker
13*a71a9546SAutomerger Merge Workeriptables-translate -A INPUT -p sctp --sport 80:100 -j ACCEPT
14*a71a9546SAutomerger Merge Workernft 'add rule ip filter INPUT sctp sport 80-100 counter accept'
15*a71a9546SAutomerger Merge Worker
16*a71a9546SAutomerger Merge Workeriptables-translate -A INPUT -p sctp --dport 50:56 -j ACCEPT
17*a71a9546SAutomerger Merge Workernft 'add rule ip filter INPUT sctp dport 50-56 counter accept'
18*a71a9546SAutomerger Merge Worker
19*a71a9546SAutomerger Merge Workeriptables-translate -A INPUT -p sctp ! --sport 80:100 -j ACCEPT
20*a71a9546SAutomerger Merge Workernft 'add rule ip filter INPUT sctp sport != 80-100 counter accept'
21*a71a9546SAutomerger Merge Worker
22*a71a9546SAutomerger Merge Workeriptables-translate -A INPUT -p sctp ! --dport 50:56 -j ACCEPT
23*a71a9546SAutomerger Merge Workernft 'add rule ip filter INPUT sctp dport != 50-56 counter accept'
24*a71a9546SAutomerger Merge Worker
25*a71a9546SAutomerger Merge Workeriptables-translate -A INPUT -p sctp --dport 80 --sport 50 -j ACCEPT
26*a71a9546SAutomerger Merge Workernft 'add rule ip filter INPUT sctp sport 50 sctp dport 80 counter accept'
27*a71a9546SAutomerger Merge Worker
28*a71a9546SAutomerger Merge Workeriptables-translate -A INPUT -p sctp --dport 80:100 --sport 50 -j ACCEPT
29*a71a9546SAutomerger Merge Workernft 'add rule ip filter INPUT sctp sport 50 sctp dport 80-100 counter accept'
30*a71a9546SAutomerger Merge Worker
31*a71a9546SAutomerger Merge Workeriptables-translate -A INPUT -p sctp --dport 80 --sport 50:55 -j ACCEPT
32*a71a9546SAutomerger Merge Workernft 'add rule ip filter INPUT sctp sport 50-55 sctp dport 80 counter accept'
33*a71a9546SAutomerger Merge Worker
34*a71a9546SAutomerger Merge Workeriptables-translate -A INPUT -p sctp ! --dport 80:100 --sport 50 -j ACCEPT
35*a71a9546SAutomerger Merge Workernft 'add rule ip filter INPUT sctp sport 50 sctp dport != 80-100 counter accept'
36*a71a9546SAutomerger Merge Worker
37*a71a9546SAutomerger Merge Workeriptables-translate -A INPUT -p sctp --dport 80 ! --sport 50:55 -j ACCEPT
38*a71a9546SAutomerger Merge Workernft 'add rule ip filter INPUT sctp sport != 50-55 sctp dport 80 counter accept'
39*a71a9546SAutomerger Merge Worker
40*a71a9546SAutomerger Merge Workeriptables-translate -A INPUT -p sctp --chunk-types all INIT,DATA:iUbE,SACK,ABORT:T -j ACCEPT
41*a71a9546SAutomerger Merge Workernft 'add rule ip filter INPUT sctp chunk data flags & 0xf == 0x5 sctp chunk init exists sctp chunk sack exists sctp chunk abort flags & 0x1 == 0x1 counter accept'
42*a71a9546SAutomerger Merge Worker
43*a71a9546SAutomerger Merge Workeriptables-translate -A INPUT -p sctp --chunk-types only SHUTDOWN_COMPLETE -j ACCEPT
44*a71a9546SAutomerger Merge Workernft 'add rule ip filter INPUT sctp chunk data missing sctp chunk init missing sctp chunk init-ack missing sctp chunk sack missing sctp chunk heartbeat missing sctp chunk heartbeat-ack missing sctp chunk abort missing sctp chunk shutdown missing sctp chunk shutdown-ack missing sctp chunk error missing sctp chunk cookie-echo missing sctp chunk cookie-ack missing sctp chunk ecne missing sctp chunk cwr missing sctp chunk shutdown-complete exists sctp chunk i-data missing sctp chunk re-config missing sctp chunk pad missing sctp chunk asconf missing sctp chunk asconf-ack missing sctp chunk forward-tsn missing sctp chunk i-forward-tsn missing counter accept'
45