Diffstat (limited to 'extensions')
-rw-r--r--extensions/libxt_CONNMARK.c22
-rw-r--r--extensions/libxt_CONNMARK.txlate6
2 files changed, 10 insertions, 18 deletions
diff --git a/extensions/libxt_CONNMARK.c b/extensions/libxt_CONNMARK.c
index c7933464..94984cdc 100644
--- a/extensions/libxt_CONNMARK.c
+++ b/extensions/libxt_CONNMARK.c
@@ -371,20 +371,18 @@ static int connmark_tg_xlate(struct xt_xlate *xl,
info->ctmark, ~info->ctmask);
break;
case XT_CONNMARK_SAVE:
- xt_xlate_add(xl, "ct mark set mark");
- if (!(info->nfmask == UINT32_MAX &&
- info->ctmask == UINT32_MAX)) {
- if (info->nfmask == info->ctmask)
- xt_xlate_add(xl, " and 0x%x", info->nfmask);
- }
+ if (info->nfmask == info->ctmask &&
+ info->nfmask == UINT32_MAX)
+ xt_xlate_add(xl, "ct mark set mark");
+ else
+ return 0;
break;
case XT_CONNMARK_RESTORE:
- xt_xlate_add(xl, "meta mark set ct mark");
- if (!(info->nfmask == UINT32_MAX &&
- info->ctmask == UINT32_MAX)) {
- if (info->nfmask == info->ctmask)
- xt_xlate_add(xl, " and 0x%x", info->nfmask);
- }
+ if (info->nfmask == info->ctmask &&
+ info->nfmask == UINT32_MAX)
+ xt_xlate_add(xl, "meta mark set ct mark");
+ else
+ return 0;
break;
}
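Review bot: The two new `else return 0;` branches (under `XT_CONNMARK_SAVE` and `XT_CONNMARK_RESTORE`) refuse every masked save/restore without saying why, so a later reader could take the refusal for an oversight and reinstate the `and 0x%x` output. A one-line comment above each check would record the intent, e.g. `/* only the unmasked form is translated; fail rather than emit a rule with different mask semantics */`. The test is also duplicated, and the `break;` after `else return 0;` serves only the true branch; a guard such as `if (info->nfmask != UINT32_MAX || info->ctmask != UINT32_MAX) return 0;` ahead of the `xt_xlate_add()` call reads more directly. connmark_tg_xlate starts and ends outside the hunk, so it is worth confirming that callers report the 0 return to the user, since a mark rule that is silently dropped or mistranslated changes the resulting firewall policy.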
diff --git a/extensions/libxt_CONNMARK.txlate b/extensions/libxt_CONNMARK.txlate
index a47cbb2b..ce40ae5e 100644
--- a/extensions/libxt_CONNMARK.txlate
+++ b/extensions/libxt_CONNMARK.txlate
@@ -16,11 +16,5 @@ nft add rule ip mangle PREROUTING counter ct mark set ct mark or 0x16
iptables-translate -t mangle -A PREROUTING -j CONNMARK --save-mark
nft add rule ip mangle PREROUTING counter ct mark set mark
-iptables-translate -t mangle -A PREROUTING -j CONNMARK --save-mark --mask 0x12
-nft add rule ip mangle PREROUTING counter ct mark set mark and 0x12
-
iptables-translate -t mangle -A PREROUTING -j CONNMARK --restore-mark
nft add rule ip mangle PREROUTING counter meta mark set ct mark
-
-iptables-translate -t mangle -A PREROUTING -j CONNMARK --restore-mark --mask 0x12
-nft add rule ip mangle PREROUTING counter meta mark set ct mark and 0x12