Laura Garcia Liebana <nevola@xxxxxxxxx> wrote:
> Add support for inverted state and status bitwise value list required in the
> ct match.
>
> Before this patch, nft didn't support the rule:
>
> $ nft add rule ip filter INPUT ct state != new,related counter accept
> <cmdline>:1:41-41: Error: syntax error, unexpected comma, expecting end of file or newline or semicolon
> add rule ip filter INPUT ct state != new,related counter accept
^
I don't like nft foo,bar syntax since
'state new,related' looks a lot like 'state { new, related }' but its not the same...
Maybe we should use 'state new|related' instead for flag type too?
[ Maybe better discuss it at nfws ]
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
