Re: Analyzing firewall rules programmatically

Timo Lindfors <timo.lindfors@xxxxxx> wrote:
> > # uname -r; nft -V | head -n1
> > 6.7.2-arch1-2
> > nftables v1.0.9 (Old Doc Yak #3)
> > # nft flush ruleset
> > # iptables-nft -A INPUT -m addrtype --dst-type LOCAL
> > # nft list ruleset 2>/dev/null | sed -n 4p
> > 		xt match "addrtype" counter packets 8 bytes 778
> 
> I get different output on Debian 12:
> 
> # uname -r; nft -V | head -n1
> 6.1.0-17-amd64
> nftables v1.0.6 (Lester Gooch #5)
> # nft flush ruleset
> # iptables-nft -A INPUT -m addrtype --dst-type LOCAL
> # nft list ruleset 2>/dev/null | sed -n 4p
> 		fib daddr type local counter packets 24 bytes 16144
> 
> Is this perhaps a regression?

More likely that the former nft is compiled without xtables support,
the latter nft binary asks iptables-translate for a textual
nft-equivalent representation of the addrtype match.

> Ok, thanks for the insights. If I built the tool for netfilter first, which
> of the three formats should I try to analyze? netlink, text or json?

Text is rather unstable, I would not rely on it.

JSON ought to be stable, netlink is stable (it's the API after all).
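As an added illustration of the JSON route recommended above (example code written for this archive page, not something posted by either participant), the following Python walks a ruleset in the shape that `nft -j list ruleset` emits: a top-level "nftables" array whose entries are single-key objects ("metainfo", "table", "chain", "rule"), each rule carrying an "expr" list. The sample document is constructed, not captured from either machine in the thread; the exact libnftables JSON schema and the use of an "xt" key to mark an untranslated xtables match are assumptions, so check them against the nft version you analyze. The point it demonstrates is the one the thread turns on: a translated addrtype match shows up as an analyzable "fib" expression, while an opaque xtables match has to be flagged as such rather than silently ignored by an auditing tool.

```python
import json

# Constructed sample in the shape of `nft -j list ruleset` output (assumed schema).
# Rule handle 2: the addrtype match after iptables-translate (fib daddr type local).
# Rule handle 3: an untranslated xtables match, represented here by an "xt" key (assumption).
# Rule handle 4: an ordinary payload match with an accept verdict.
SAMPLE_RULESET_JSON = r'''
{"nftables": [
  {"metainfo": {"version": "1.0.6", "release_name": "Lester Gooch #5", "json_schema_version": 1}},
  {"table": {"family": "ip", "name": "filter", "handle": 1}},
  {"chain": {"family": "ip", "table": "filter", "name": "INPUT", "handle": 1,
             "type": "filter", "hook": "input", "prio": 0, "policy": "accept"}},
  {"rule": {"family": "ip", "table": "filter", "chain": "INPUT", "handle": 2,
            "expr": [{"match": {"op": "==",
                                "left": {"fib": {"result": "type", "flags": ["daddr"]}},
                                "right": "local"}},
                     {"counter": {"packets": 24, "bytes": 16144}}]}},
  {"rule": {"family": "ip", "table": "filter", "chain": "INPUT", "handle": 3,
            "expr": [{"xt": null},
                     {"counter": {"packets": 8, "bytes": 778}}]}},
  {"rule": {"family": "ip", "table": "filter", "chain": "INPUT", "handle": 4,
            "expr": [{"match": {"op": "==",
                                "left": {"payload": {"protocol": "tcp", "field": "dport"}},
                                "right": 22}},
                     {"accept": null}]}}
]}
'''

VERDICTS = ("accept", "drop", "reject", "jump", "goto", "return")


def load_rules(text):
    """Parse a ruleset document and return only the rule objects, in listing order."""
    doc = json.loads(text)
    return [item["rule"] for item in doc["nftables"] if "rule" in item]


def describe_operand(operand):
    """Render one side of a match: a payload or fib selector, a meta key, or a literal."""
    if isinstance(operand, dict):
        if "payload" in operand:
            p = operand["payload"]
            return f'{p["protocol"]} {p["field"]}'
        if "fib" in operand:
            f = operand["fib"]
            return f'fib {" ".join(f["flags"])} {f["result"]}'
        if "meta" in operand:
            return f'meta {operand["meta"]["key"]}'
        return json.dumps(operand, sort_keys=True)
    return str(operand)


def describe_expr(expr):
    """Render a single expression object from a rule's "expr" list as a short string."""
    if "match" in expr:
        m = expr["match"]
        return f'{describe_operand(m["left"])} {m["op"]} {describe_operand(m["right"])}'
    if "counter" in expr:
        c = expr["counter"]
        return f'counter packets {c["packets"]} bytes {c["bytes"]}'
    if "xt" in expr:
        # Opaque xtables match: nothing here tells us what traffic it selects.
        return "xt <opaque xtables match>"
    for verdict in VERDICTS:
        if verdict in expr:
            target = expr[verdict]
            if isinstance(target, dict) and "target" in target:
                return f'{verdict} {target["target"]}'
            return verdict
    return json.dumps(expr, sort_keys=True)


def describe_rule(rule):
    """Join the expression renderings into one line, roughly like the text listing."""
    return " ".join(describe_expr(e) for e in rule["expr"])


def opaque_rule_handles(rules):
    """Handles of rules containing an expression an analyzer cannot reason about."""
    return [r["handle"] for r in rules if any("xt" in e for e in r["expr"])]


if __name__ == "__main__":
    rules = load_rules(SAMPLE_RULESET_JSON)
    for r in rules:
        print(f'{r["family"]} {r["table"]} {r["chain"]} handle {r["handle"]}: {describe_rule(r)}')
    print("rules needing manual review:", opaque_rule_handles(rules))
```

Running it against real output (`nft -j list ruleset | python3 analyze.py`, with the sample replaced by `sys.stdin.read()`) is the natural next step; the handles returned by `opaque_rule_handles` are the rules whose meaning the JSON cannot convey, which is exactly the case the thread's first output shows.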
