Hi, Here is an attempt to get iptables-nftables supporting IPv6. I haven't tested it really, so I send it more as an RFC. Starting from xtables.c which supports only IPv4, patch 2 combines the support for IPv6 in it. The family attribute provided in patch 1 is set then used in nft.c to use it accordingly, in patch 3. Patch 4 finalizes it in handling the right informations for rule manipulations depending on the family. Patch 5 and 6 then adds the support of IPv6 when it comes to respectively save and print the firewall. Please review, Tomasz Bursztyka (6): nft: Add a family attribute to nft_handle xtables: Combine IPv6 support with IPv4 support nft: Use handle's family attribute instead of hardcoded AF_INET one nft: Support IPv6 rules manipulation nft: Use the right payload parsing function when saving a rule nft: Handle IPv6 when printing out firewall rules iptables/nft.c | 651 +++++++++++++++++++++++++++++++++++++++-------------- iptables/nft.h | 1 + iptables/xtables.c | 378 +++++++++++++++++++++---------- 3 files changed, 741 insertions(+), 289 deletions(-) -- 1.8.0.2 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
