Oh, I just saw that CHECKSUM extension is not supported in NFT. Which
introduces a rather unpleasant situation as LXC containers are not
getting an ip from the host's dhcp.
Any idea/suggestion how to get this working, I really would not want
having to revert to ipt.
> nft 0.8.2
>
> Hi,
>
> I am trying to translate the following itp rule to nft and wondering
> whether it is supported even, considering the udp header expression
> 'checksum' apparently has to be an integer and not a string.
> Also wondering whether the raw table is the correct place or rather
> being the bridge table as this happens only on bridge traffic.
>
> iptables -t mangle -I POSTROUTING -o br+ -p udp -m udp --dport 68 -j
> CHECKSUM --checksum-fill
>
> thus far done translation
>
> table raw {
> chain postrouting {
> type filter hook postrouting priority 100;
> meta oif br* udp dport 68 checksum
> }
> }
>
> variations of below did not work (not being an integer apparently)
>
> checkum fill
> checksim-fill
> checksum--fill
> checksum -fill
> checksum --fill
> checksum checksum-fill
> checksum -checksum-fill
> checksum --checksum-fill
>
>
>
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
