On Fri, Jan 11, 2019 at 12:16:33AM +0100, Florian Westphal wrote: > Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > > I think we need to add the built-in chains when listing if we want to > > emulate the iptables-legacy behaviour. Listing via -L implies table > > autoload, ie. > > > > # iptables-legacy -L -t raw > > > > pulls in the raw table and its chains. > > Yes, but I think thats a bug :-) OK, but that buggy behaviour has been there since the beginning IIRC :-) > I would prefer if iptables-nft would NOT do that, and instead > list nothing, with exit value of 0. People should be using iptables-save instead for listing anyway, so I don't mind if this is changed.
