On 28 April 2017 at 10:05, Phil Sutter <phil@xxxxxx> wrote:
>>
>> This warning will be printed even in rulesets loaded with '-f'
>> which first creates the masq rule an then the other chain.
>
> Hmm. I tested it with the following config and it works fine:
>
> | table ip nat {
> | chain post {
> | type nat hook postrouting priority 0; policy accept;
> | oifname "veth2" masquerade
> | }
> |
> | chain pre {
> | type nat hook prerouting priority 0; policy accept;
> | }
> | }
>
> OK, with a config consisting of several 'add' commands, it indeed warns.
>
>> I think is just a matter of documenting *everywhere* that this is the
>> expected behaviour, not a bug.
>
> Yeah, I should indeed have done that first, also because masquerade
> statement is not documented at all yet.
>
The best current documentation is this:
https://wiki.nftables.org/wiki-nftables/index.php/Performing_Network_Address_Translation_(NAT)
It can be improved, though
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
