[Bug 1659] iptables-nft v1.8.9 Error: meta sreg key not supported
bugzilla-daemon at netfilter.org
Thu Aug 10 16:37:33 CEST 2023
https://bugzilla.netfilter.org/show_bug.cgi?id=1659
Phil Sutter <phil at nwl.cc> changed:
What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |RESOLVED
CC         |        |phil at nwl.cc
Resolution |---     |WONTFIX
--- Comment #1 from Phil Sutter <phil at nwl.cc> ---
Compatibility between iptables-nft and nftables can't be "fixed"; many
expressions in nftables rules can't be translated into iptables syntax as it
simply lacks the necessary capabilities.
The specific problem illustrated here (setting packet mark) is fixed by commit
7304f1982d619 ("nft-ruleparse: parse meta mark set as MARK target"), enabling
iptables-nft to correctly parse the meta mark statement.
Improving the iptables-nft parser to understand more native expressions is a
task actively being worked on, but mixing iptables-nft and nftables will always
remain problematic and a good way to shoot one's own foot!