From 9d9b724cab2276a1ffa43e8376f2ed10282d07da Mon Sep 17 00:00:00 2001
From: Florian Westphal
Date: Sat, 7 Apr 2018 00:44:49 +0200
Subject: xtables-compat: skip unsupported tables
Instead of not listing anything at all if an unknown table name exists, just skip them. Output a small comment that the listing doesn't include the (unrecognized, nft-created) tables. Next patch will restrict 'is this table printable in xtables syntax' check to the "builtin" tables.
Signed-off-by: Florian Westphal
---
 iptables/xtables-save.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
(limited to 'iptables/xtables-save.c')
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index 5b498b04..893b2b93 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -52,6 +52,11 @@ do_output(struct nft_handle *h, const char *tablename, bool counters)
 return 0;
 }
+ if (!nft_is_table_compatible(h, tablename)) {
+ printf("# Table `%s' is incompatible, use 'nft' tool.\n", tablename);
+ return 1;
+ }
+
 chain_list = nft_chain_dump(h);
 time_t now = time(NULL);
@@ -160,7 +165,8 @@ xtables_save_main(int family, const char *progname, int argc, char *argv[])
 exit(1);
 }
- if (nft_is_ruleset_compatible(&h) == 1) {
+ ret = nft_is_ruleset_compatible(&h);
+ if (ret) {
 printf("ERROR: You're using nft features that cannot be mapped to iptables, please keep using nft.\n");
 exit(EXIT_FAILURE);
 }
--
cgit v1.2.3
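Review bot: The new early return in do_output ends with `return 1` for an incompatible table, while the not-found branch just above returns 0, so a skipped table appears to be reported the same way as a table that was dumped (assuming 1 means success here; the caller is outside the hunk). A saved ruleset that is later restored or used for a firewall audit would then be missing those tables, with only a `#` comment inside the dump to show for it. Consider also sending the notice to stderr with `fprintf(stderr, ...)` so it is visible when stdout is redirected to a file, and add a comment above the return such as `/* skipped, not an error: table cannot be expressed in xtables syntax */`. do_output's body starts and continues outside the hunk.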
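Review bot: The check in xtables_save_main now treats every non-zero return from nft_is_ruleset_compatible() as "incompatible", where the old code matched only 1. If that function can also return a negative value on a failed dump (its definition is not in this diff), the user is told to keep using nft when the real problem was an error; a separate branch such as `if (ret < 0) { fprintf(stderr, "ERROR: cannot check ruleset compatibility\n"); exit(EXIT_FAILURE); }` would keep the two cases apart. The existing message is also written with `printf`, so it lands in the saved ruleset when stdout is redirected; `fprintf(stderr, ...)` would keep it out of the dump. The declaration of `ret` is outside the hunk.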