xtables-translate: Support insert with index

Translation is pretty simple due to nft's 'insert rule ... index' support. Testing the translation is sadly not: index 1 vanishes (as it should), higher indexes are rejected in replay mode since no rules previously exist. Signed-off-by: Phil Sutter <phil@nwl.cc>
author: Phil Sutter <phil@nwl.cc> 2023-02-03 18:25:21 +0100
committer: Phil Sutter <phil@nwl.cc> 2023-02-17 18:18:48 +0100
commit: 68fdf09ecfd1769ec68a7df51f564578dbdc0ddf (patch)
tree: bc19d2ca378a4976d3e123179c4c17717701bf9f /extensions/libebt_ip.txlate
parent: 267a26363826553280a5928043df30a07cdc63bb (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/extensions/libebt_ip.txlate b/extensions/libebt_ip.txlate
index 28996832..44ce9276 100644
--- a/extensions/libebt_ip.txlate
+++ b/extensions/libebt_ip.txlate
@@ -4,7 +4,7 @@ nft 'add rule bridge filter FORWARD ip saddr != 192.168.0.0/24 counter accept'
 ebtables-translate -I FORWARD -p ip --ip-dst 10.0.0.1
 nft 'insert rule bridge filter FORWARD ip daddr 10.0.0.1 counter'
 
-ebtables-translate -I OUTPUT 3 -p ip -o eth0 --ip-tos 0xff
+ebtables-translate -I OUTPUT -p ip -o eth0 --ip-tos 0xff
 nft 'insert rule bridge filter OUTPUT oifname "eth0" ether type ip @nh,8,8 0xff counter'
 
 ebtables-translate -A FORWARD -p ip --ip-proto tcp --ip-dport 22
author	Phil Sutter <phil@nwl.cc>	2023-02-03 18:25:21 +0100
committer	Phil Sutter <phil@nwl.cc>	2023-02-17 18:18:48 +0100
commit	68fdf09ecfd1769ec68a7df51f564578dbdc0ddf (patch)
tree	bc19d2ca378a4976d3e123179c4c17717701bf9f /extensions/libebt_ip.txlate
parent	267a26363826553280a5928043df30a07cdc63bb (diff)