On Tue, Nov 27, 2018 at 08:07:11PM +0100, Phil Sutter wrote:
> The problem with converting libxt_comment into nftables comment is that
> rules change when parsing from kernel due to comment match being moved
> to the end of the match list. And since match ordering matters, the rule
> may not be found anymore when checking or deleting. Apart from that,
> iptables-nft didn't support multiple comments per rule anymore. This is
> a compatibility issue without technical reason.
>
> Leave conversion from nftables comment to libxt_comment in place so we
> don't break running systems during an update.

Applied, thanks Phil.