Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | xtables: Align return codes with legacy iptables | Phil Sutter | 2018-09-01 | 1 | -0/+38 |
| | | | | | | | | Make sure return codes match legacy ones at least for a few selected commands typically used to check ruleset state. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Florian Westphal <fw@strlen.de> | ||||
* | xtables: Make 'iptables -S nonexisting' return non-zero | Phil Sutter | 2018-08-16 | 1 | -0/+64 |
| | | | | | | | | | | | | To be consistent with legacy iptables, calling -S with a non-existing chain should lead to an error message. This is how some scripts find out whether a user-defined chain exists or not. Make sure doing the same for an existing chain does succeed, even if an invalid rule number was given. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
* | xtables: Match verbose ip{,6}tables output with legacy | Phil Sutter | 2018-08-04 | 1 | -0/+51 |
Legacy ip{,6}tables prints feedback for various commands if in verbose mode, make sure nft variants do the same. There is one difference, namely when checking a rule (-C command): Legacy ip{,6}tables print the rule in any case, nft variants don't in case the rule wasn't found. Changing this though would require to populate the nftnl_rule object just for printing, which is probably not feasible. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Florian Westphal <fw@strlen.de> |