From 79195a8cc9e9d9cf2d17165bf07ac4cc9d55539f Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Thu, 24 Nov 2022 14:17:17 +0100
Subject: xt: Rewrite unsupported compat expression dumping

Choose a format which provides more information and is easily parseable.
Then teach parsers about it and make it explicitly reject the ruleset
giving a meaningful explanation. Also update the man pages with some
more details.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 doc/statements.txt | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'doc/statements.txt')

diff --git a/doc/statements.txt b/doc/statements.txt
index bda63bb3..9e0dd5a0 100644
--- a/doc/statements.txt
+++ b/doc/statements.txt
@@ -800,3 +800,20 @@ ____
 # jump to different chains depending on layer 4 protocol type:
 nft add rule ip filter input ip protocol vmap { tcp : jump tcp-chain, udp : jump udp-chain , icmp : jump icmp-chain }
 ------------------------
+
+XT STATEMENT
+~~~~~~~~~~~~
+This represents an xt statement from xtables compat interface. It is a
+fallback if translation is not available or not complete.
+
+[verse]
+____
+*xt* 'TYPE' 'NAME'
+
+'TYPE' := *match* | *target* | *watcher*
+____
+
+Seeing this means the ruleset (or parts of it) were created by *iptables-nft*
+and one should use that to manage it.
+
+*BEWARE:* nftables won't restore these statements.
-- 
cgit v1.2.3