Fri Feb 21 23:00:14 CET 2014


Summary: "not" keyword not implemented in nft

nftables-0.099 and current head in GIT define the token NOT, but the parser
does not make use of it anywhere.  The iptables rules I am trying to port to
nftables include some which need the ability to invoke a verdict when a given
expression is false, such as
   ...bunch o' stuff that "should" handle all non-icmp traffic
   nft add rule ip filter input not icmp log prefix "Unexpected traffic: "

or, for a subnet which should be isolated to a specific interface, rejecting
packets claiming to belong to that subnet but coming from a different
   nft add rule ip filter input ip saddr not iif eth2 counter

Both of the above currently throw a syntax error:
  Error: syntax error, unexpected !

