On Mon, Mar 07, 2016 at 11:40:08PM +0530, Shivani Bhardwaj wrote:
> On Mon, Mar 7, 2016 at 11:34 PM, Laura Garcia <nevola@xxxxxxxxx> wrote:
> > On Mon, Mar 07, 2016 at 06:14:08PM +0100, Pablo Neira Ayuso wrote:
> >> On Sun, Mar 06, 2016 at 11:24:44PM +0100, Laura Garcia Liebana wrote:
> > The brackets are not missing here, sorry for the confusion. Inside the for
> > statement we only have the condition. Just the xt_late_add function
> > indentation is not correct.
> >
> > This code is needed in order to translate from type numbers to type
> > names, but we're ensuring after that which type names are similar in
> > iptables and nftables. For example, with this code we get:
> >
> > $ sudo iptables-translate -t filter -A INPUT -m icmp --icmp-type 3 -j LOG
> > nft add rule ip filter INPUT icmp type destination-unreachable counter log level warn
> >
> > Without this code:
> >
> > $ sudo iptables-translate -t filter -A INPUT -m icmp --icmp-type 3 -j LOG
> > nft add rule ip filter INPUT icmp type 3 counter log level warn
> >
> This looks good too. nftables is anyway going to convert it to its
> name type (if available). See how this above rule shows up in the
> chain:
>
> table ip filter {
>     chain INPUT {
>         type filter hook input priority 0; policy accept;
>         icmp type destination-unreachable counter packets 0 bytes 0 log
>     }
> }
>
> But, anyway, wait for Pablo's comments about this.

Translation to text is better, if possible.