From 11c464ed015b52a28d90c63c69e10e5f7d4053d4 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Fri, 5 May 2023 20:04:41 +0200 Subject: Add --compat option to *tables-nft and *-nft-restore commands The flag sets nft_handle::compat boolean, indicating a compatible rule implementation is wanted. Users expecting their created rules to be fetched from kernel by an older version of *tables-nft may use this to avoid potential compatibility issues. Changes since v1: - Expect short option '-C' in {ip,ip6,eb}tables-nft-restore command line parser - Support -C/--compat in arptables-nft-restore, too - Update man pages with the new flag Signed-off-by: Phil Sutter --- iptables/xtables-eb.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'iptables/xtables-eb.c') diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c index 08eec79d..ffd51efa 100644 --- a/iptables/xtables-eb.c +++ b/iptables/xtables-eb.c @@ -223,6 +223,7 @@ struct option ebt_original_options[] = { "init-table" , no_argument , 0, 11 }, { "concurrent" , no_argument , 0, 13 }, { "check" , required_argument, 0, 14 }, + { "compat" , no_argument , 0, 15 }, { 0 } }; @@ -335,7 +336,8 @@ static void print_help(const struct xtables_target *t, "--modprobe -M program : try to insert modules using this program\n" "--concurrent : use a file lock to support concurrent scripts\n" "--verbose -v : verbose mode\n" -"--version -V : print package version\n\n" +"--version -V : print package version\n" +"--compat : create rules compatible for parsing with old binaries\n\n" "Environment variable:\n" /*ATOMIC_ENV_VARIABLE " : if set (see above) will equal its value"*/ "\n\n"); @@ -1097,6 +1099,9 @@ print_zero: return 1; case 13 : break; + case 15: + h->compat = true; + break; case 1 : if (!strcmp(optarg, "!")) ebt_check_inverse2(optarg, argc, argv); -- cgit v1.2.3