This is just to demonstrate yet another problem. For the rule itself it doesn't matter if '-i' or '-s' is passed first, but the test script has no deeper understanding of the rules and will do a simple textual comparison. This will fail because as-is the output is different than the input (options are written out in different order). We either need to sanitize the input or update the test script to split lines and re-order the options or similar.

Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
--- extensions/generic.txlate | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extensions/generic.txlate b/extensions/generic.txlate index 6779d6f86dec..e95432552ef8 100644 --- a/extensions/generic.txlate +++ b/extensions/generic.txlate @@ -4,7 +4,7 @@ nft insert rule ip filter OUTPUT ip protocol udp ip daddr 8.8.8.8 counter accept iptables-translate -F -t nat nft flush table ip nat -iptables-translate -I INPUT -i iifname -s 10.0.0.0/8 +iptables-translate -I INPUT -s 10.0.0.0/8 -i iifname nft insert rule ip filter INPUT iifname "iifname" ip saddr 10.0.0.0/8 counter iptables-translate -A INPUT -i iif+ ! -d 10.0.0.0/8 -- 2.37.4
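
Review bot: The changed line in the `@@ -4,7 +4,7 @@` hunk of extensions/generic.txlate replaces the `-i iifname -s 10.0.0.0/8` case rather than adding the reordered form beside it, so the original option order loses its coverage, and by the commit message's own account the new `-s 10.0.0.0/8 -i iifname` form fails the test script's textual comparison as things stand. Since the expected nft line (`iifname "iifname" ip saddr 10.0.0.0/8 counter`) is unchanged for both orders, I would keep the old case, add the reordered one as a second entry, and land this only together with the test-script change that normalises option order before comparing. The commit message should also say which of the two fixes it proposes (sanitizing the input or reordering in the script) and state that the patch is a demonstration not meant to be applied alone, so a known-failing case does not end up in the tree.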