From 11c464ed015b52a28d90c63c69e10e5f7d4053d4 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Fri, 5 May 2023 20:04:41 +0200 Subject: Add --compat option to *tables-nft and *-nft-restore commands The flag sets nft_handle::compat boolean, indicating a compatible rule implementation is wanted. Users expecting their created rules to be fetched from kernel by an older version of *tables-nft may use this to avoid potential compatibility issues. Changes since v1: - Expect short option '-C' in {ip,ip6,eb}tables-nft-restore command line parser - Support -C/--compat in arptables-nft-restore, too - Update man pages with the new flag Signed-off-by: Phil Sutter --- iptables/xshared.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'iptables/xshared.c') diff --git a/iptables/xshared.c b/iptables/xshared.c index 5f75a0a5..74b7a041 100644 --- a/iptables/xshared.c +++ b/iptables/xshared.c @@ -1263,7 +1263,8 @@ xtables_printhelp(const struct xtables_rule_match *matches) printf( " --modprobe= try to insert modules using this command\n" " --set-counters -c PKTS BYTES set the counter during insert/append\n" -"[!] --version -V print package version.\n"); +"[!] --version -V print package version\n" +" --compat create rules compatible for parsing with old binaries\n"); if (afinfo->family == NFPROTO_ARP) { int i; @@ -1787,6 +1788,10 @@ void do_parse(int argc, char *argv[], exit_tryhelp(2, p->line); + case 15: /* --compat */ + p->compat = true; + break; + case 1: /* non option */ if (optarg[0] == '!' && optarg[1] == '\0') { if (invert) -- cgit v1.2.3