path: root/iptables/xtables-nft-multi.c
Commit message (Collapse)AuthorAgeFilesLines
* xtables: Implement arptables-{save,restore}Phil Sutter2018-08-061-0/+4
| | | | | | | | | | | This adds C implementations for arptables-save and -restore in compat layer based on the two perl scripts in legacy arptables repository. To share common code, introduce nft_init_arp() analogous to nft_init_eb() introduced earlier. Signed-off-by: Phil Sutter <> Signed-off-by: Florian Westphal <>
* xtables: Fix symlinks/names for ebtables-{save, restore}Phil Sutter2018-08-041-1/+3
| | | | | | | | | | While xtables-nft-multi only recognized ebtables-save and -restore, Makefile did install only ebtables-nft-save and -restore symlinks. Clean this up by making both name variants known and installing respective symlinks, just like for ebtables and ebtables-nft. Signed-off-by: Phil Sutter <> Signed-off-by: Florian Westphal <>
* xtables: implement ebtables-{save,restore}Phil Sutter2018-07-191-0/+2
| | | | | | | | | | | | | | | The code for ebtables-restore was derived from legacy code, ebtables-save is actually a new implementation using the existing infrastructure and trying to adhere to legacy perl script output formatting as much as possible. This introduces a new format flag (FMT_EBT_SAVE) to allow nft_bridge_save_rule() to distinguish between ruleset listing (i.e., ebtables -L) and saving via ebtables-save - the two differ in how counters are being formatted. Odd, but that's how it is. Signed-off-by: Phil Sutter <> Signed-off-by: Florian Westphal <>
* xtables: Support nft suffix for arptables and ebtablesPhil Sutter2018-07-111-0/+2
| | | | | | | | | Since the names without suffix clash with legacy tools, support the suffixed versions as well to help distributions packaging for parallel installation of both nft and legacy variants. Signed-off-by: Phil Sutter <> Signed-off-by: Florian Westphal <>
* xtables: rename xt-multi binaries to -nft, -legacyFlorian Westphal2018-06-271-0/+43
This adds a clear distinction between old iptables (formerly xtables-multi, now xtables-legacy-multi) and new iptables (formerly xtables-compat-multi, now xtables-nft-multi). Users will get the ip/ip6tables names via symbolic links, having a distinct name postfix for the legacy/nft variants helps to make a clear distinction, as iptables-nft will always use nf_tables and iptables-legacy always uses get/setsockopt wheres "iptables" could be symlinked to either -nft or -legacy. Signed-off-by: Florian Westphal <>