On Wed, Mar 02, 2016 at 03:47:32PM +0100, Jan Engelhardt wrote: > > On Wednesday 2016-03-02 15:14, Shivani Bhardwaj wrote: > >> > >> This crazy thing seems to be valid: > >> > >> iptables -I INPUT -p sctp -m sctp > > This is how all protocols are loaded. It can be readily seen > in a iptables-save dump. One tests the L3 header field, the other > loads the module for further options to do tests on L4 fields. > > >> > >> and this will be translated as: > >> > >> nft add rule filter INPUT ip protocol sctp sctp > > that seems correct, does it not? That translation is not correct in nft: # nft add rule filter INPUT ip protocol sctp sctp <cmdline>:1:44-44: Error: syntax error, unexpected end of file, expecting checksum or sport or dport or vtag add rule filter INPUT ip protocol sctp sctp -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
