From b1ae6a45c9f38a60a13d9ecb88dcbeb12e5d13e0 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Thu, 21 Dec 2023 13:24:09 +0100
Subject: ebtables: Default to extrapositioned negations

ebtables-nft has always supported both intra- and extrapositioned
negations but defaulted to intrapositioned when printing/saving rules.

With commit 58d364c7120b5 ("ebtables: Use do_parse() from xshared")
though, it started to warn about intrapositioned negations. So change
the default to avoid mandatory warnings when e.g. loading previously
dumped rulesets.

Also adjust test cases, help texts and ebtables-nft.8 accordingly.

Cc: Jan Engelhardt <jengelh@inai.de>
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 extensions/libebt_ip6.txlate | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'extensions/libebt_ip6.txlate')

diff --git a/extensions/libebt_ip6.txlate b/extensions/libebt_ip6.txlate
index 0debbe12..13d57e3a 100644
--- a/extensions/libebt_ip6.txlate
+++ b/extensions/libebt_ip6.txlate
@@ -25,5 +25,5 @@ nft 'add rule bridge filter FORWARD icmpv6 type 128 counter'
 ebtables-translate -A FORWARD -p ip6 --ip6-protocol icmpv6  --ip6-icmp-type 1/1
 nft 'add rule bridge filter FORWARD icmpv6 type 1 icmpv6 code 1 counter'
 
-ebtables-translate -A FORWARD -p ip6 --ip6-protocol icmpv6 --ip6-icmp-type ! 1:10
+ebtables-translate -A FORWARD -p ip6 --ip6-protocol icmpv6 ! --ip6-icmp-type 1:10
 nft 'add rule bridge filter FORWARD icmpv6 type != 1-10 counter'
-- 
cgit v1.2.3