diff options
| author | Phil Sutter <phil@nwl.cc> | 2022-11-24 14:17:17 +0100 |
|---|---|---|
| committer | Phil Sutter <phil@nwl.cc> | 2022-12-13 14:59:55 +0100 |
| commit | 79195a8cc9e9d9cf2d17165bf07ac4cc9d55539f (patch) | |
| tree | e339339c6b37040ccd5603dddc55fe7fb32c38c0 /doc/statements.txt | |
| parent | e432477f5c013d0ca56f9fc5f9ac7cf35301b0b9 (diff) | |
xt: Rewrite unsupported compat expression dumping
Choose a format which provides more information and is easily parseable.
Then teach parsers about it and make it explicitly reject the ruleset
giving a meaningful explanation. Also update the man pages with some
more details.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'doc/statements.txt')
| -rw-r--r-- | doc/statements.txt | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/doc/statements.txt b/doc/statements.txt index bda63bb3..9e0dd5a0 100644 --- a/doc/statements.txt +++ b/doc/statements.txt @@ -800,3 +800,20 @@ ____ # jump to different chains depending on layer 4 protocol type: nft add rule ip filter input ip protocol vmap { tcp : jump tcp-chain, udp : jump udp-chain , icmp : jump icmp-chain } ------------------------ + +XT STATEMENT +~~~~~~~~~~~~ +This represents an xt statement from xtables compat interface. It is a +fallback if translation is not available or not complete. + +[verse] +____ +*xt* 'TYPE' 'NAME' + +'TYPE' := *match* | *target* | *watcher* +____ + +Seeing this means the ruleset (or parts of it) were created by *iptables-nft* +and one should use that to manage it. + +*BEWARE:* nftables won't restore these statements. |