author | Phil Sutter <phil@nwl.cc> | 2022-11-24 14:17:17 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2022-12-13 14:59:55 +0100 |
commit | 79195a8cc9e9d9cf2d17165bf07ac4cc9d55539f | |
tree | e339339c6b37040ccd5603dddc55fe7fb32c38c0 /doc | |
parent | e432477f5c013d0ca56f9fc5f9ac7cf35301b0b9 | |

xt: Rewrite unsupported compat expression dumping

Choose a format which provides more information and is easily parseable.
Then teach parsers about it and make it explicitly reject the ruleset
giving a meaningful explanation. Also update the man pages with some
more details.

Signed-off-by: Phil Sutter <phil@nwl.cc>

Diffstat (limited to 'doc')
-rw-r--r-- | doc/libnftables-json.adoc | 18 |
-rw-r--r-- | doc/statements.txt | 17 |
2 files changed, 32 insertions, 3 deletions
diff --git a/doc/libnftables-json.adoc b/doc/libnftables-json.adoc index bb59945f..d985149a 100644 --- a/doc/libnftables-json.adoc +++ b/doc/libnftables-json.adoc @@ -1059,10 +1059,22 @@ Assign connection tracking expectation. === XT [verse] -*{ "xt": null }* +____ +*{ "xt": { + "type":* 'TYPENAME'*, + "name":* 'STRING' +*}}* + +'TYPENAME' := *match* | *target* | *watcher* +____ + +This represents an xt statement from xtables compat interface. It is a +fallback if translation is not available or not complete. + +Seeing this means the ruleset (or parts of it) were created by *iptables-nft* +and one should use that to manage it. -This represents an xt statement from xtables compat interface. Sadly, at this -point, it is not possible to provide any further information about its content. +*BEWARE:* nftables won't restore these statements. == EXPRESSIONS Expressions are the building blocks of (most) statements. In their most basic diff --git a/doc/statements.txt b/doc/statements.txt index bda63bb3..9e0dd5a0 100644 --- a/doc/statements.txt +++ b/doc/statements.txt @@ -800,3 +800,20 @@ ____ # jump to different chains depending on layer 4 protocol type: nft add rule ip filter input ip protocol vmap { tcp : jump tcp-chain, udp : jump udp-chain , icmp : jump icmp-chain } ------------------------ + +XT STATEMENT +~~~~~~~~~~~~ +This represents an xt statement from xtables compat interface. It is a +fallback if translation is not available or not complete. + +[verse] +____ +*xt* 'TYPE' 'NAME' + +'TYPE' := *match* | *target* | *watcher* +____ + +Seeing this means the ruleset (or parts of it) were created by *iptables-nft* +and one should use that to manage it. + +*BEWARE:* nftables won't restore these statements. |
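
Review bot: In doc/libnftables-json.adoc, the closing line "*BEWARE:* nftables won't restore these statements." says less than the commit message, which states that parsers explicitly reject the ruleset with a meaningful explanation. As worded, a reader can take it to mean the xt statement is skipped while the rest of the ruleset loads, and that difference matters to anyone restoring a firewall from a JSON dump. Suggest stating that a ruleset containing an "xt" object is rejected on input with an error. The hunk also replaces the earlier `{ "xt": null }` form without mentioning the change, so consumers that matched on null get no hint from the man page; one sentence on that, and on what "name" holds, would help.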
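
Review bot: In doc/statements.txt, the synopsis "*xt* 'TYPE' 'NAME'" reads like syntax a user can type, and the only sign that it cannot be fed back to nft is the BEWARE line at the very end of the new section. Suggest saying before the synopsis that this form is produced when dumping a ruleset and is rejected on input, in line with the commit message. The placeholder is 'TYPE' here but 'TYPENAME' in doc/libnftables-json.adoc for the same match | target | watcher set, and 'NAME' is not described in either file; aligning the placeholder names and adding a line on what NAME holds would remove the guesswork. Minor: "the ruleset (or parts of it) were created" should read "was created", in both files.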