path: root/tests/shell/testcases/rule_management/0008delete_1
author: Phil Sutter <> 2022-10-11 18:46:55 +0200
committer: Phil Sutter <> 2022-11-18 15:50:24 +0100
commit: c327e9331e50d7b4d6cfd0a82fb38bec73703bfb
tree: dcfac81d4ae15a21ddacbc1edc7a9d4530b86d46 /tests/shell/testcases/rule_management/0008delete_1
parent: 4521732ebbf34573062d2cad2f74b98910ea1c5b

While being able to "look inside" compat expressions using nft is a nice feature, it is also (yet another) pitfall for unaware users, deceiving them into assuming interchangeability (or at least compatibility) between iptables-nft and nft.

In reality, which involves 'nft list ruleset | nft -f -', any correctly translated compat expressions will turn into native nftables ones not understood by (the version of) iptables-nft which created them in the first place. Other compat expressions will vanish, potentially compromising the firewall ruleset.

Emit a warning (as comment) to give users a chance to stop and reconsider before shooting their own foot.

Signed-off-by: Phil Sutter <>
