diff options
author | Jan Engelhardt <jengelh@medozas.de> | 2009-10-29 15:35:10 +0100 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2009-10-29 15:35:10 +0100 |
commit | aa3c487f355ff1477b8369d9f0b9860387ae21d4 (patch) | |
tree | 2732075d79318d46c629d56d14374c235896cc70 /net/netfilter | |
parent | ed3f2e40f3d438f4a1ec0a898173116cb26f106a (diff) |
netfilter: xt_socket: make module available for INPUT chain
This should make it possible to test for the existence of local
sockets in the INPUT path.
References: http://marc.info/?l=netfilter-devel&m=125380481517129&w=2
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Balazs Scheidler <bazsi@balabit.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/netfilter')
-rw-r--r-- | net/netfilter/xt_socket.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/net/netfilter/xt_socket.c b/net/netfilter/xt_socket.c index 362afbd60a96..6a902564d24f 100644 --- a/net/netfilter/xt_socket.c +++ b/net/netfilter/xt_socket.c @@ -192,7 +192,8 @@ static struct xt_match socket_mt_reg[] __read_mostly = { .revision = 0, .family = NFPROTO_IPV4, .match = socket_mt_v0, - .hooks = 1 << NF_INET_PRE_ROUTING, + .hooks = (1 << NF_INET_PRE_ROUTING) | + (1 << NF_INET_LOCAL_IN), .me = THIS_MODULE, }, { @@ -201,7 +202,8 @@ static struct xt_match socket_mt_reg[] __read_mostly = { .family = NFPROTO_IPV4, .match = socket_mt_v1, .matchsize = sizeof(struct xt_socket_mtinfo1), - .hooks = 1 << NF_INET_PRE_ROUTING, + .hooks = (1 << NF_INET_PRE_ROUTING) | + (1 << NF_INET_LOCAL_IN), .me = THIS_MODULE, }, }; |