Re: using iptables matches and targets with nft

On Thu, Dec 10, 2015 at 01:16:18PM +0100, Stefan Berghofer wrote:
> Hi all,
> 
> recent versions of the Linux kernel and the libnftnl library define nft expression types
> with the names "match" and "target". However, I could not find any reference to these
> expression types in the code of the nft user space utility, but only in the code for iptables.
> Is it possible to access iptables matches and targets from rules defined with nft, or is
> this not intended?

iptables-compat uses this. This will be included in iptables 1.6.0
(just resolved a problem with static compilation, so we can release
this asap).

There is also a patch for nft (not in master yet) that takes what was
added via iptables-compat and provides a translation to the native
extensions (Shivani is working on the translation part at this
moment).

The idea is to provide an easy way to migrate from your iptables
ruleset to nft.