On Tue, Mar 09, 2021 at 06:09:15PM +0300, Pavel Tikhomirov wrote: > The rev variable is used here instead of opt obviously by mistake. > Please see iptables:nft_compatible_revision() for an example how it > should be. > > This breaks revision compatibility checks completely when reading > compat-target rules from nft utility. That's why nftables can't work on > "old" kernels which don't support new revisons. That's a problem for > containers. Applied, thanks.
