Phil Sutter <phil@xxxxxx> wrote:
> What I don't like about this is that users won't notice the problem
> until they try to restore the ruleset. For us it is clearly beneficial
> to see where things break, but I doubt regular users care and we should
> just tell them to stop mixing iptables and nft calls.

So what would you propose...?

> Can we maybe add "--force" to iptables-nft-save to make it print as much
> as possible despite the table being considered incompatible? Not sure
> how ugly this is to implement, though.

I don't see this as a useful thing because we already have
"nft --debug=netlink".

> We still exit(0) in case parsing fails, BTW. Guess this is the most
> important thing to fix despite all the above.

Huh?

iptables-restore < bla
iptables-restore v1.8.8 (nf_tables): unknown option "--bla"
Error occurred at line: 7
Try `iptables-restore -h' or 'iptables-restore --help' for more information.

... exits with 2. Can you give an example?