diff options
author | Phil Sutter <phil@nwl.cc> | 2023-08-15 13:47:28 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2023-09-01 13:15:03 +0200 |
commit | 35ff97e9aca8cd301ff9b9a95b0a72de1aeb700b (patch) | |
tree | 5f4b36dfccf29e4290e48b3a7dfe6bc7dab5dbf2 /iptables/iptables.8.in | |
parent | 63e4a64e943be64a7e0486838071b981074e696d (diff) |
Revert --compat option related commits
This reverts the following commits:
b14c971db6db0 ("tests: Test compat mode")
11c464ed015b5 ("Add --compat option to *tables-nft and *-nft-restore commands")
ca709b5784c98 ("nft: Introduce and use bool nft_handle::compat")
402b9b3c07c81 ("nft: Pass nft_handle to add_{target,action}()")
This implementation of a compatibility mode implements rules using
xtables extensions if possible and thus relies upon existence of those
in kernel space. Assuming no viable replacement for the internal
mechanics of this mode will be found in foreseeable future, it will
effectively block attempts at deprecating and removing of these xtables
extensions in favor of nftables expressions and thus hinder upstream's
future plans for iptables.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/iptables.8.in')
-rw-r--r-- | iptables/iptables.8.in | 7 |
1 files changed, 0 insertions, 7 deletions
diff --git a/iptables/iptables.8.in b/iptables/iptables.8.in index c0e92f27..ecaa5553 100644 --- a/iptables/iptables.8.in +++ b/iptables/iptables.8.in @@ -397,13 +397,6 @@ corresponding to that rule's position in the chain. \fB\-\-modprobe=\fP\fIcommand\fP When adding or inserting rules into a chain, use \fIcommand\fP to load any necessary modules (targets, match extensions, etc). -.TP -\fB\-\-compat\fP -This flag is only relevant with \fBnft\fP-variants and ignored otherwise. If -set, rules will be created in a mostly compatible way, enabling older versions -of \fBiptables\-nft\fP to correctly parse the rules received from kernel. This -mode is only useful in very specific situations and will likely impact packet -filtering performance. .SH LOCK FILE iptables uses the \fI@XT_LOCK_NAME@\fP file to take an exclusive lock at |