Valentijn Sessink <valentijn@xxxxxxxxxx> wrote:
> I'm using arptables (nft iptables version 1.8.7) with
> arptables -A OUTPUT -d 10.21.22.129 -j mangle --mangle-ip-s 10.21.22.161
>
> Now I'm a bit confused by the nft output:
>
> table arp filter {
>     chain OUTPUT {
>         type filter hook output priority filter; policy accept;
>         arp htype 1 arp hlen 6 arp plen 4 arp daddr ip 10.21.22.129 counter
>         packets 1288 bytes 54096 # --mangle-ip-s 10.21.22.161
>     }
> }
>
> The nft wiki only says "In the case of some missing translation, you will
> see a commented rule in nftables" - but it doesn't say what to do.
>
> Now I'm confused. Does this mean that I cannot use "nft" to set up this very
> rule? Should I use "arptables-nft" to set this rule? Or is there another
> way?

It might just be a missing translation. You could try to see if this works:

    nft add rule arp filter OUTPUT \
        arp htype 1 arp hlen 6 arp plen 4 arp daddr ip 10.21.22.129 \
        arp saddr ip set 10.21.22.161 counter
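
An added example, not part of the original thread: a shell check that scans `nft list ruleset` text for rules still carrying a trailing `# --option` comment like the one quoted above, so a partially translated rule is not mistaken for a fully native one. The function names and the second sample rule are constructed for illustration.

```shell
#!/bin/sh
# find_untranslated: read `nft list ruleset` text on stdin and print one line
# per rule that still ends in a "# --option" comment, i.e. an xtables option
# that the listing shows only as a comment, not as native nft syntax.
# Output columns (tab separated): family, table, chain, leftover option(s).
# Limitation: a user comment string containing "# --" would also match.
find_untranslated() {
    awk '
        # Track which table and chain the following rules belong to.
        $1 == "table" && $NF == "{" { family = $2; table = $3; next }
        $1 == "chain" && $NF == "{" { chain = $2; next }
        {
            pos = index($0, "# --")
            if (pos == 0) next                  # rule is fully native
            rest = substr($0, pos + 2)          # keep text from "--" onward
            sub(/[ \t}]+$/, "", rest)           # trim trailing blanks/braces
            printf "%s\t%s\t%s\t%s\n", family, table, chain, rest
        }
    '
}

# Constructed sample listing. The first rule is the one quoted in the thread
# (unwrapped onto one line). The second is constructed: how the rule suggested
# in the reply might be listed if nft accepts it.
sample_ruleset() {
    cat <<'EOF'
table arp filter {
    chain OUTPUT {
        type filter hook output priority filter; policy accept;
        arp htype 1 arp hlen 6 arp plen 4 arp daddr ip 10.21.22.129 counter packets 1288 bytes 54096 # --mangle-ip-s 10.21.22.161
        arp htype 1 arp hlen 6 arp plen 4 arp daddr ip 10.21.22.130 arp saddr ip set 10.21.22.161 counter packets 0 bytes 0
    }
}
EOF
}

# Demonstration on the sample; on a live host: nft list ruleset | find_untranslated
sample_ruleset | find_untranslated
```

Only the first sample rule is reported, because its source-address rewrite exists solely as the commented `--mangle-ip-s` option.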