Phil Sutter <phil@xxxxxx> wrote:
> Could we maybe find a middle ground where nft still does these
> optimizations but prints warnings so users are notified? We might even
> introduce -W flag to customize behaviour (-W all (default), -W error
> (strict mode), -W none (suppress any non-fatal output on stderr)).
I like this proposal.
One of the broken tproxy test cases (it prints warning) does this:
ip daddr 0.0.0.0/0
.. and that is always true and could be removed.
Different "problem" of course, but it shows that there is ample
opportunity for pruning irrelevant expressions.
And breaking scripts every time we decide that something is
"silly" is a bad decision, imo.
I suspect users will complain about { 1.2.3.4 } being illegal
"just because".
