NFTables.Expr.TCP (NFTables v0.8.2)

TCP protocol matching functions for Expr.

Provides functions for TCP-specific matching (flags, protocol).

Import

import NFTables.Expr.TCP

Examples

# TCP with SYN flag
tcp() |> tcp_flags([:syn], [:syn, :ack, :rst, :fin]) |> accept()

# TCP with ports
tcp() |> dport(22) |> accept()

# General protocol matching
protocol(:tcp) |> dport(80)

For more information, see the nftables TCP wiki.

Functions

protocol(builder \\ Expr.expr(), protocol)

@spec protocol(NFTables.Expr.t(), atom() | String.t()) :: NFTables.Expr.t()

Match protocol.

Supports dual-arity: can start a new expression or continue an existing one.

Example

# Start a new expression
protocol(:tcp)

# Continue an existing expression
builder |> protocol(:tcp)

# Using string
builder |> protocol("udp")

tcp(builder \\ Expr.expr())

@spec tcp(NFTables.Expr.t()) :: NFTables.Expr.t()

Match TCP protocol. Convenience for protocol(:tcp).

Supports dual-arity: can start a new expression or continue an existing one.

Example

# Start a new expression
tcp()

# Continue an existing expression
builder |> tcp() |> dport(22)

tcp_flags(builder \\ Expr.expr(), flags, mask)

@spec tcp_flags(NFTables.Expr.t(), [atom()], [atom()]) :: NFTables.Expr.t()

Match TCP flags.

Supports dual-arity: can start a new expression or continue an existing one.

Flags

  • :syn - Synchronize
  • :ack - Acknowledgment
  • :fin - Finish
  • :rst - Reset
  • :psh - Push
  • :urg - Urgent

Example

# Start a new expression
tcp_flags([:syn], [:syn, :ack, :rst, :fin])

# Continue an existing expression
builder |> tcp_flags([:syn], [:syn, :ack, :rst, :fin])

# Match SYN-ACK
builder |> tcp_flags([:syn, :ack], [:syn, :ack, :rst, :fin])
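
How the flags and mask arguments interact, shown as an added example in plain Elixir that is not part of the NFTables library or its documentation. It assumes tcp_flags follows the usual nftables comparison `tcp flags & mask == flags`; the module TcpFlagsDemo, its functions and the sample packets are hypothetical and constructed for illustration.

```elixir
# Added illustration, not NFTables library code.
# Assumption: tcp_flags(flags, mask) matches when
#   (packet_flags &&& mask) == flags
# which is the nftables form `tcp flags & (mask) == flags`.
defmodule TcpFlagsDemo do
  import Bitwise

  # Flag bit positions in the TCP header (RFC 9293).
  @bits %{fin: 0x01, syn: 0x02, rst: 0x04, psh: 0x08, ack: 0x10, urg: 0x20}

  # Fold a list of flag atoms into a single bit field.
  def to_bits(flags) do
    Enum.reduce(flags, 0, fn flag, acc -> acc ||| Map.fetch!(@bits, flag) end)
  end

  # True when, among the flags named in mask, exactly those in flags are set.
  # Flags outside the mask are ignored.
  def matches?(packet, flags, mask) do
    (to_bits(packet) &&& to_bits(mask)) == to_bits(flags)
  end
end

mask = [:syn, :ack, :rst, :fin]

# Constructed flag combinations, checked against tcp_flags([:syn], mask).
packets = [
  [:syn],        # new connection attempt
  [:syn, :ack],  # handshake reply: ACK is inside the mask and set
  [:syn, :psh],  # PSH is outside the mask, so it is not examined
  [:syn, :fin],  # contradictory combination: FIN is inside the mask and set
  [:ack]         # established traffic: SYN is not set
]

for packet <- packets do
  result = TcpFlagsDemo.matches?(packet, [:syn], mask)
  IO.puts("#{inspect(packet)} matches [:syn] under mask: #{result}")
end
```

Under that assumption, a narrower mask examines fewer flags: with a mask of only `[:syn]`, the SYN-ACK and SYN-FIN combinations above would also match, which is why the examples on this page list `:ack`, `:rst` and `:fin` in the mask.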