diff options
| author | Phil Sutter <phil@nwl.cc> | 2023-05-05 20:04:41 +0200 |
|---|---|---|
| committer | Phil Sutter <phil@nwl.cc> | 2023-08-11 15:56:38 +0200 |
| commit | 11c464ed015b52a28d90c63c69e10e5f7d4053d4 (patch) | |
| tree | 5c2d3bd5a627720284e609dd966ff94246847ac8 /iptables/xshared.c | |
| parent | ca709b5784c982de12d6eab361cfc9c900aec4c7 (diff) | |
Add --compat option to *tables-nft and *-nft-restore commands
The flag sets nft_handle::compat boolean, indicating a compatible rule
implementation is wanted. Users expecting their created rules to be
fetched from kernel by an older version of *tables-nft may use this to
avoid potential compatibility issues.
Changes since v1:
- Expect short option '-C' in {ip,ip6,eb}tables-nft-restore command line
parser
- Support -C/--compat in arptables-nft-restore, too
- Update man pages with the new flag
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/xshared.c')
| -rw-r--r-- | iptables/xshared.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/iptables/xshared.c b/iptables/xshared.c index 5f75a0a5..74b7a041 100644 --- a/iptables/xshared.c +++ b/iptables/xshared.c @@ -1263,7 +1263,8 @@ xtables_printhelp(const struct xtables_rule_match *matches) printf( " --modprobe=<command> try to insert modules using this command\n" " --set-counters -c PKTS BYTES set the counter during insert/append\n" -"[!] --version -V print package version.\n"); +"[!] --version -V print package version\n" +" --compat create rules compatible for parsing with old binaries\n"); if (afinfo->family == NFPROTO_ARP) { int i; @@ -1787,6 +1788,10 @@ void do_parse(int argc, char *argv[], exit_tryhelp(2, p->line); + case 15: /* --compat */ + p->compat = true; + break; + case 1: /* non option */ if (optarg[0] == '!' && optarg[1] == '\0') { if (invert) |