[Bug 1093] Undocumented features in man pages

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Sat Nov 5 17:48:11 CET 2016


https://bugzilla.netfilter.org/show_bug.cgi?id=1093

Borden Rhodes <incoming-only at bordenrhodes.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|'Flush ruleset' is          |Undocumented features in
                   |undocumented                |man pages

--- Comment #1 from Borden Rhodes <incoming-only at bordenrhodes.com> ---
I'm changing the title on this bug because, in trying to decipher the
documentation, I've run into other things that I can't understand from reading
the man pages:

2) One of the headings in the man page is BLA. What does this stand for? The
IPv6 section also appears to be incomplete.

3) Conntrack expressions specific types are not defined. What values are valid
for things like ct_state, ct_dir and ct_status?

4) In the Reject statement, the table headings should read 'values' for what
can be used. 'Types' is ambiguous.

5) The man page does not define a 'type' expression (which is used in the
minimal nftables.conf). Is it a synonym for 'table', since, presumably, 'type
filter' means 'use the filter table'?

6) Likewise, the documentation talks a lot about hooks, but not what 'hook'
means in the context of 'type filter hook input'. Is this to specify the input
chain of the hook table?

7) The only reference I can find to 'priority' is under 'meta' and 'chains',
where the latter says 'When a hook and priority value are specified, the chain
is created as a base chain and hooked up to the networking stack.' Ok... so in
the reference nftables.conf, does priority 0 mean that it has highest priority
or lowest priority?

8) nft list ruleset shows that 'policy accept' is added to 'type filter hook
forward priority 0;' Presumably, this is the 'default verdict' (although I
thought nftables didn't have default policies like iptables did?). The policy
statement is likewise undocumented. Is this a user-configurable variable or is
it not documented so we can't touch it?
