On 15.01, Arturo Borrero Gonzalez wrote: > Hi, > > I'm giving a spin to the nft compat layer, since it can be of certain > importance for distributions. > > I just want to be clear on what I recommends to end users about > migrating from iptables (and friends) to nftables. > > Could you please remind me in which state was the discussion about > that patch to show x_tables extensions in nftables rulesets [0]? > I remember Patrick mentioned several concerns back then about this approach. My concerns were mainly about unconditionally giving access to ipt extensions from *nft*. It was not about the compat layer in the kernel, but about whether we actually do want to support everything or just conditionally enable those that we are sure of. > Currently, with a basic ruleset errors are shown [1]. Also, if you try > to see what's happening, segfaults [2]. > > I'm aware of the translations efforts being made by Shivani. > > [0] http://patchwork.ozlabs.org/patch/459398/ > [1] http://paste.debian.net/366059 > [2] http://paste.debian.net/366060/ > > best regards. > > -- > Arturo Borrero González > -- > To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
