[Bug 1213] Nft stateless NAT (NOTRACK)

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Mon Apr 23 20:26:26 CEST 2018


https://bugzilla.netfilter.org/show_bug.cgi?id=1213

Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #3 from Pablo Neira Ayuso <pablo at netfilter.org> ---
Regarding:

> nft add table NAT
> nft add chain NAT prerouting {type nat hook prerouting priority - 300 \; }
> nft add chain NAT postrouting {type nat hook postrouting priority - 300 \; }
> nft add rule NAT prerouting counter
> nft add rule NAT prerouting ip daddr 192.168.204.60 notrack counter
> nft add rule NAT prerouting counter
> 
> The counter value of prerouting is zero.

For the record, now nf_tables loads conntrack if a NAT chain gets registered,
which is one of the problems that was also reported in this bug report.

commit 43a605f2f722b6e08addedae8545b490fca252c4
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Tue Mar 27 11:53:08 2018 +0200

    netfilter: nf_tables: enable conntrack if NAT chain is registered

Closing. Thanks for reporting.

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180423/0b472832/attachment.html>


More information about the netfilter-buglog mailing list