On Fri, Dec 09, 2022 at 05:45:48PM +0100, Phil Sutter wrote: > On Fri, Dec 09, 2022 at 05:07:18PM +0100, Pablo Neira Ayuso wrote: > > On Thu, Nov 24, 2022 at 05:56:40PM +0100, Phil Sutter wrote: > > > Choose a format which provides more information and is easily parseable. > > > Then teach parsers about it and make it explicitly reject the ruleset > > > giving a meaningful explanation. Also update the man pages with some > > > more details. > > > > There is a bugzilla ticket related to xt and json support, you can > > probably add a Closes: tag link. > > This should be nfbz#1621, but it's about translating xt to native in > JSON format. All my patch does is extend the xt JSON format a bit. AIUI, > we would have to extend libxtables to provide translations into JSON. > > So even with perfect two-ways translation available, JSON interface is > unusable if iptables-nft is in use. The output of nftables without translation cannot be restored either, this is also going to provide a hint to the user, without allowing it to restore the JSON file.
