Re: [nft PATCH] files: Move netdev-ingress.nft to /etc/nftables as well

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jul 03, 2019 at 12:56:00PM +0200, Phil Sutter wrote:
> On Tue, Jun 25, 2019 at 02:24:04AM +0200, Pablo Neira Ayuso wrote:
> > On Mon, Jun 24, 2019 at 06:49:41PM +0200, Florian Westphal wrote:
> > > Phil Sutter <phil@xxxxxx> wrote:
> > > > > Right.  Do you think we should also add in inet-nat.nft example,
> > > > > or even replace the ipvX- ones?
> > > > 
> > > > Having an inet family nat example would be wonderful! Can inet NAT
> > > > replace IPvX-ones completely or are there any limitations as to what is
> > > > possible in rules?
> > > 
> > > I'm not aware of any limitations.
> > 
> > Only limitation is that older kernels do not support NAT for the inet
> > family.
> 
> OK, so maybe add inet NAT example but not delete ip/ip6 ones?

Agreed.

> What is the status regarding my patch, please? I think fixing
> netdev-ingress.nft location is unrelated to this discussion, right?

Oh right, I got confused by the discussion.



[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux