On 09.04, Pablo Neira Ayuso wrote:
> At compilation time, you have to pass this option.
>
> # ./configure --with-xtables
>
> And libxtables needs to be installed in your system.
>
> This patch allows you to use xt extensions from nft, eg.
>
> # nft add rule filter output \
>   tcp flags syn xt target TCPMSS [ --clamp-mss-to-pmtu ]
>
> This feature requires that libxtables is installed in your system.
>
> This provides access to all existing xt modules from nft. Users can
> meanwhile use xt extensions until we can provide native expressions.
>
> You can build this optionally; if disabled, it displays an error:
>
> # nft add rule filter output tcp flags syn xt target TCPMSS [ --clamp-mss-to-pmtu ]
> <cmdline>:1:38-77: Error: this build does not support xtables
> add rule filter output tcp flags syn xt target TCPMSS [ --clamp-mss-to-pmtu ]
>                                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> so you know your build doesn't support this.

Before reviewing this patch, my main question is: are we sure we want to do this? How will this affect our plans to get rid of the iptables code at some point in the future? Arguably it's a compatibility question: if we support this in nft, people will use it and we can't simply remove it.