ebtables: Default to extrapositioned negations

ebtables-nft has always supported both intra- and extrapositioned
negations but defaulted to intrapositioned when printing/saving rules.

With commit 58d364c7120b5 ("ebtables: Use do_parse() from xshared")
though, it started to warn about intrapositioned negations. So change
the default to avoid mandatory warnings when e.g. loading previously
dumped rulesets.

Also adjust test cases, help texts and ebtables-nft.8 accordingly.

Cc: Jan Engelhardt <jengelh@inai.de>
Signed-off-by: Phil Sutter <phil@nwl.cc>

1 files changed, 2 insertions, 2 deletions

diff --git a/extensions/libebt_ip.txlate b/extensions/libebt_ip.txlate
index 44ce9276..712ba3d1 100644
--- a/extensions/libebt_ip.txlate
+++ b/extensions/libebt_ip.txlate
@@ -1,4 +1,4 @@
-ebtables-translate -A FORWARD -p ip --ip-src ! 192.168.0.0/24 -j ACCEPT
+ebtables-translate -A FORWARD -p ip ! --ip-src 192.168.0.0/24 -j ACCEPT
 nft 'add rule bridge filter FORWARD ip saddr != 192.168.0.0/24 counter accept'
 
 ebtables-translate -I FORWARD -p ip --ip-dst 10.0.0.1
@@ -22,5 +22,5 @@ nft 'add rule bridge filter FORWARD icmp type 8 counter'
 ebtables-translate -A FORWARD -p ip --ip-proto icmp --ip-icmp-type 1/1
 nft 'add rule bridge filter FORWARD icmp type 1 icmp code 1 counter'
 
-ebtables-translate -A FORWARD -p ip --ip-protocol icmp --ip-icmp-type ! 1:10
+ebtables-translate -A FORWARD -p ip --ip-protocol icmp ! --ip-icmp-type 1:10
 nft 'add rule bridge filter FORWARD icmp type != 1-10 counter'