On Tue, Mar 01, 2016 at 04:49:36PM +0100, Laura Garcia wrote: > On Tue, Mar 01, 2016 at 03:21:24PM +0530, Shivani Bhardwaj wrote: > > On Tue, Mar 1, 2016 at 2:52 AM, Laura Garcia Liebana <nevola@xxxxxxxxx> wrote: > > > > Hi Laura, > > > > > Add translation for random to nftables. > > > > > Here, you are providing translation for module statistic, random is > > just a mode for matching the rule. Please make sure to use correct > > module name in the commit message next time. > > > > Hi Shivani, > > The translation is only for random due to the mode nth is not implemented in nft yet. > > > > > Examples: > > > > > > $ iptables-translate -A INPUT -m statistic --mode random --probability > > > 0.1 -j ACCEPT > > > nft add rule ip filter INPUT meta random 0.10000000009 counter accept > > > > > > $ iptables-translate -A INPUT -m statistic --mode random ! --probability > > > 0.1 -j ACCEPT > > > nft add rule ip filter INPUT meta random != 0.10000000009 counter accept > > > > > > > The match statistic is not yet supported in nftables, so these > > translations are not going to work. You can track the supported > > extensions here: > > http://wiki.nftables.org/wiki-nftables/index.php/Supported_features_compared_to_xtables, > > you can edit any discrepancies you find on this page. > > > > The nf-next branch includes the random feature and it's working > perfectly for me. Should I have to update something in the wiki? The nf-next tree is OK for this. The sooner we get a translation, the better. Yes please, update the wiki page once this hits the master branch. Thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
