4 files changed, 6 insertions, 1 deletions

diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c
index ac2b27b8..0a601243 100644
--- a/iptables/nft-ipv4.c
+++ b/iptables/nft-ipv4.c
@@ -60,6 +60,8 @@ static int nft_ipv4_add(struct nft_rule *r, struct iptables_command_state *cs)
 		add_cmp_u16(r, 0, op);
 	}
 
+	add_compat(r, cs->fw.ip.proto, cs->fw.ip.invflags);
+
 	return cs->fw.ip.flags;
 }
 
diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c
index a2e80306..65a89490 100644
--- a/iptables/nft-ipv6.c
+++ b/iptables/nft-ipv6.c
@@ -42,6 +42,8 @@ static int nft_ipv6_add(struct nft_rule *r, struct iptables_command_state *cs)
 		add_proto(r, offsetof(struct ip6_hdr, ip6_nxt), 1,
 			  cs->fw6.ipv6.proto, cs->fw6.ipv6.invflags);
 
+	add_compat(r, cs->fw6.ipv6.proto, cs->fw6.ipv6.invflags);
+
 	return cs->fw6.ipv6.flags;
 }
 
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index f55d6f68..b301d411 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -63,6 +63,7 @@ void add_addr(struct nft_rule *r, int offset,
 	      void *data, size_t len, int invflags);
 void add_proto(struct nft_rule *r, int offset, size_t len,
 	       uint32_t proto, int invflags);
+void add_compat(struct nft_rule *r, uint32_t proto, bool inv);
 
 bool is_same_interfaces(const char *a_iniface, const char *a_outiface,
 			unsigned const char *a_iniface_mask,
diff --git a/iptables/nft.c b/iptables/nft.c
index f39f4071..e55c18c1 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -664,7 +664,7 @@ static void add_counters(struct nft_rule *r, uint64_t packets, uint64_t bytes)
 	nft_rule_add_expr(r, expr);
 }
 
-static void add_compat(struct nft_rule *r, uint32_t proto, bool inv)
+void add_compat(struct nft_rule *r, uint32_t proto, bool inv)
 {
 	nft_rule_attr_set_u32(r, NFT_RULE_ATTR_COMPAT_PROTO, proto);
 	nft_rule_attr_set_u32(r, NFT_RULE_ATTR_COMPAT_FLAGS,