On Sat, Jul 09, 2016 at 12:24:54PM +0200, Pablo M. Bermudo Garay wrote:
> From: Pablo Neira <pablo@xxxxxxxxxxxxx>
>
> At compilation time, you have to pass this option.
>
> # ./configure --with-xtables
>
> And libxtables needs to be installed in your system.
>
> This patch allows to list a ruleset containing xt extensions loaded
> through iptables-compat-restore tool.
>
> Example:
>
> $ cat iptables-save
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -p tcp -m multiport --dports 80,81 -j REJECT
> COMMIT
>
> $ sudo iptables-compat-restore iptables-save

Note that this command above doesn't work, this should be instead:

  # iptables-save > file
  # iptables-compat-restore < file

> $ sudo nft list chain filter INPUT

Then, better use this:

  # nft list ruleset

... to display the full translated ruleset.

Please, make sure the descriptions you provide in your patchset are fine.

Apart from that comment, PATCH 3/3 looks good to me.

Thanks.