summaryrefslogtreecommitdiffstats
path: root/iptables/nft.c
diff options
context:
space:
mode:
Diffstat (limited to 'iptables/nft.c')
-rw-r--r--iptables/nft.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index 1fc12b0c..09ff9cf1 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1476,10 +1476,12 @@ int add_match(struct nft_handle *h, struct nft_rule_ctx *ctx,
case NFT_COMPAT_RULE_APPEND:
case NFT_COMPAT_RULE_INSERT:
case NFT_COMPAT_RULE_REPLACE:
- if (!strcmp(m->u.user.name, "limit"))
- return add_nft_limit(r, m);
- else if (!strcmp(m->u.user.name, "among"))
+ if (!strcmp(m->u.user.name, "among"))
return add_nft_among(h, r, m);
+ else if (h->compat)
+ break;
+ else if (!strcmp(m->u.user.name, "limit"))
+ return add_nft_limit(r, m);
else if (!strcmp(m->u.user.name, "udp"))
return add_nft_udp(h, r, m);
else if (!strcmp(m->u.user.name, "tcp"))
@@ -1544,7 +1546,7 @@ int add_target(struct nft_handle *h, struct nftnl_rule *r,
struct nftnl_expr *expr;
int ret;
- if (strcmp(t->u.user.name, "TRACE") == 0)
+ if (!h->compat && strcmp(t->u.user.name, "TRACE") == 0)
return add_meta_nftrace(r);
expr = nftnl_expr_alloc("target");