All of lore.kernel.org
 help / color / mirror / Atom feed
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Stefan Berghofer <stefan.berghofer@secunet.com>
Cc: netfilter@vger.kernel.org
Subject: Re: using iptables matches and targets with nft
Date: Thu, 10 Dec 2015 13:45:15 +0100	[thread overview]
Message-ID: <20151210124515.GA2504@salvia> (raw)
In-Reply-To: <56696D12.6040601@secunet.com>

On Thu, Dec 10, 2015 at 01:16:18PM +0100, Stefan Berghofer wrote:
> Hi all,
> 
> recent versions of the Linux kernel and the libnftnl library define nft expression types
> with the names "match" and "target". However, I could not find any reference to these
> expression types in the code of the nft user space utility, but only in the code for iptables.
> Is it possible to access iptables matches and targets from rules defined with nft, or is
> this not intended?

iptables-compat uses this, this will be included in iptables 1.6.0
(just resolved a problem with static compilation, so we can release
this asap).

There is also a patch for nft (not in master yet) that takes what was
added via iptables-compat and provides a translation to the native
extensions (Shivani is working on the translation part at this
moment).

The idea is to provide an easy way to migrate from your iptables
ruleset to nft.

      reply	other threads:[~2015-12-10 12:45 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-12-10 12:16 using iptables matches and targets with nft Stefan Berghofer
2015-12-10 12:45 ` Pablo Neira Ayuso [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20151210124515.GA2504@salvia \
    --to=pablo@netfilter.org \
    --cc=netfilter@vger.kernel.org \
    --cc=stefan.berghofer@secunet.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.