From 68fdf09ecfd1769ec68a7df51f564578dbdc0ddf Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Fri, 3 Feb 2023 18:25:21 +0100
Subject: xtables-translate: Support insert with index

Translation is pretty simple due to nft's 'insert rule ... index'
support. Testing the translation is sadly not: index 1 vanishes (as it
should), higher indexes are rejected in replay mode since no rules
previously exist.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 iptables/xtables-translate.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'iptables')

diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
index 22b2fbc8..88e0a6b6 100644
--- a/iptables/xtables-translate.c
+++ b/iptables/xtables-translate.c
@@ -173,6 +173,8 @@ static int nft_rule_xlate_add(struct nft_handle *h,
 	       tick,
 	       append ? "add" : "insert",
 	       family2str[h->family], p->table, p->chain);
+	if (!append && p->rulenum > 1)
+		printf("index %d ", p->rulenum);
 
 	printf("%s%s\n", xt_xlate_rule_get(xl), tick);
 
-- 
cgit v1.2.3