From 11c464ed015b52a28d90c63c69e10e5f7d4053d4 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Fri, 5 May 2023 20:04:41 +0200 Subject: Add --compat option to *tables-nft and *-nft-restore commands The flag sets nft_handle::compat boolean, indicating a compatible rule implementation is wanted. Users expecting their created rules to be fetched from kernel by an older version of *tables-nft may use this to avoid potential compatibility issues. Changes since v1: - Expect short option '-C' in {ip,ip6,eb}tables-nft-restore command line parser - Support -C/--compat in arptables-nft-restore, too - Update man pages with the new flag Signed-off-by: Phil Sutter --- iptables/arptables-nft-restore.8 | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) (limited to 'iptables/arptables-nft-restore.8') diff --git a/iptables/arptables-nft-restore.8 b/iptables/arptables-nft-restore.8 index 09d9082c..12ac9ebd 100644 --- a/iptables/arptables-nft-restore.8 +++ b/iptables/arptables-nft-restore.8 @@ -22,18 +22,23 @@ .SH NAME arptables-restore \- Restore ARP Tables (nft-based) .SH SYNOPSIS -\fBarptables\-restore +.BR arptables\-restore " [" --compat ] .SH DESCRIPTION -.PP .B arptables-restore is used to restore ARP Tables from data specified on STDIN or via a file as first argument. -Use I/O redirection provided by your shell to read from a file -.TP +Use I/O redirection provided by your shell to read from a file. +.P .B arptables-restore flushes (deletes) all previous contents of the respective ARP Table. +.TP +.BR -C , " --compat" +Create rules in a mostly compatible way, enabling older versions of +\fBarptables\-nft\fP to correctly parse the rules received from kernel. This +mode is only useful in very specific situations and will likely impact packet +filtering performance. + .SH AUTHOR Jesper Dangaard Brouer .SH SEE ALSO \fBarptables\-save\fP(8), \fBarptables\fP(8) -.PP -- cgit v1.2.3