<html>

    <head>

      <base href="https://bugzilla.netfilter.org/" />

    </head>

    <body><span class="vcard"><a class="email" href="mailto:phil@nwl.cc" title="Phil Sutter <phil@nwl.cc>"> <span class="fn">Phil Sutter</span></a>

</span> changed

              <a class="bz_bug_link 

          bz_status_RESOLVED  bz_closed"

   title="RESOLVED WONTFIX - iptables-nft v1.8.9 Error: meta sreg key not supported"

   href="https://bugzilla.netfilter.org/show_bug.cgi?id=1659">bug 1659</a>

          <br>

             <table border="1" cellspacing="0" cellpadding="8">

          <tr>

            <th>What</th>

            <th>Removed</th>

            <th>Added</th>

          </tr>

         <tr>

           <td style="text-align:right;">Status</td>

           <td>NEW

           </td>

           <td>RESOLVED

           </td>

         </tr>

         <tr>

           <td style="text-align:right;">CC</td>

           <td>

           </td>

           <td>phil@nwl.cc

           </td>

         </tr>

         <tr>

           <td style="text-align:right;">Resolution</td>

           <td>---

           </td>

           <td>WONTFIX

           </td>

         </tr></table>

      <p>

        <div>

            <b><a class="bz_bug_link 

          bz_status_RESOLVED  bz_closed"

   title="RESOLVED WONTFIX - iptables-nft v1.8.9 Error: meta sreg key not supported"

   href="https://bugzilla.netfilter.org/show_bug.cgi?id=1659#c1">Comment # 1</a>

              on <a class="bz_bug_link 

          bz_status_RESOLVED  bz_closed"

   title="RESOLVED WONTFIX - iptables-nft v1.8.9 Error: meta sreg key not supported"

   href="https://bugzilla.netfilter.org/show_bug.cgi?id=1659">bug 1659</a>

              from <span class="vcard"><a class="email" href="mailto:phil@nwl.cc" title="Phil Sutter <phil@nwl.cc>"> <span class="fn">Phil Sutter</span></a>

</span></b>

        <pre>Compatibility between iptables-nft and nftables can't be "fixed", many

expressions in nftables rules can't be translated into iptables syntax as it

simply lacks the necessary capabilities.

The specific problem illustrated here (setting packet mark) is fixed by commit

7304f1982d619 ("nft-ruleparse: parse meta mark set as MARK target"), enabling

iptables-nft to correctly parse the meta mark statement.

Improving the iptables-nft parser to understand more native expressions is a

task actively being worked on, but mixing iptables-nft and nftables will always

remain problematic and a good way to shoot one's own foot!</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are watching all bug changes.</li>

      </ul>

    </body>

</html>