From 11c464ed015b52a28d90c63c69e10e5f7d4053d4 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Fri, 5 May 2023 20:04:41 +0200 Subject: Add --compat option to *tables-nft and *-nft-restore commands The flag sets nft_handle::compat boolean, indicating a compatible rule implementation is wanted. Users expecting their created rules to be fetched from kernel by an older version of *tables-nft may use this to avoid potential compatibility issues. Changes since v1: - Expect short option '-C' in {ip,ip6,eb}tables-nft-restore command line parser - Support -C/--compat in arptables-nft-restore, too - Update man pages with the new flag Signed-off-by: Phil Sutter --- iptables/xtables.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'iptables/xtables.c') diff --git a/iptables/xtables.c b/iptables/xtables.c index 22d6ea58..25b4dbc6 100644 --- a/iptables/xtables.c +++ b/iptables/xtables.c @@ -82,6 +82,7 @@ static struct option original_opts[] = { {.name = "goto", .has_arg = 1, .val = 'g'}, {.name = "ipv4", .has_arg = 0, .val = '4'}, {.name = "ipv6", .has_arg = 0, .val = '6'}, + {.name = "compat", .has_arg = 0, .val = 15 }, {NULL}, }; @@ -161,6 +162,7 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table, do_parse(argc, argv, &p, &cs, &args); h->verbose = p.verbose; + h->compat = p.compat; if (!nft_table_builtin_find(h, p.table)) xtables_error(VERSION_PROBLEM, -- cgit v1.2.3