authorPablo M. Bermudo Garay <>2016-06-22 19:07:01 +0200
committerPablo Neira Ayuso <>2016-06-22 20:00:38 +0200
commitd64ef34a99610a6fb54d43660ac31555da858231 (patch)
treee0199830bc3ac69aa9266bd1c7a40669be0b2401 /iptables/nft.h
parent6223ead0d06b7c7630adfd8c384bd2f3ae1c65c7 (diff)
iptables-compat: use nft built-in comments support
After this patch, iptables-compat uses nft built-in comments support instead of the comment match. This change simplifies the treatment of comments in nft after loading a rule set through iptables-compat-restore. Signed-off-by: Pablo M. Bermudo Garay <> Signed-off-by: Pablo Neira Ayuso <>
diff --git a/iptables/nft.h b/iptables/nft.h
index 281e1c69..9e02eeb1 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -104,6 +104,7 @@ int add_match(struct nftnl_rule *r, struct xt_entry_match *m);
int add_target(struct nftnl_rule *r, struct xt_entry_target *t);
int add_jumpto(struct nftnl_rule *r, const char *name, int verdict);
int add_action(struct nftnl_rule *r, struct iptables_command_state *cs, bool goto_set);
+int add_comment(struct nftnl_rule *r, const char *comment);
enum nft_rule_print {