

My understanding is that the nft-iptables package makes the iptables command add corresponding nft rules, but when I list the iptables rules it scares me because it says ACCEPT everywhere!? The rules seem to be incomplete. I am very confused about how nft interacts with iptables, even after reading articles about it.

    meta l4proto tcp ip saddr 192.168.1.100 # xt_tcp # xt_comment counter packets 0 bytes 0 # xt_DNAT
    type nat hook prerouting priority dstnat policy accept
    counter packets 14600 bytes 1196437 jump FWKNOP_PREROUTING
    meta l4proto tcp ip saddr 192.168.1.100 # xt_tcp # xt_comment counter packets 0 bytes 0 accept
    type filter hook input priority filter policy accept
    counter packets 18872 bytes 1699499 jump FWKNOP_INPUT
    type filter hook forward priority filter policy accept
    counter packets 102908 bytes 83956455 jump FWKNOP_FORWARD

Some packages might require iptables/nftables flavors. It would be interesting to see how we deal with dependencies when both standard iptables and iptables-nft are available and the user could use either fw3 or fw4. I doubt that iptables-nft will be installed by default, and I think fw3 will still be available as a fallback.

Maybe we could edit this issue description, mentioning maintainers after the package, to ping them all?

Anything that depends on iptables or calls iptables(-save/-restore) needs some testing, especially if iptables-nft is in use.

Heads up for routing.git: openwrt/routing#731

    feeds/packages $ grep -E "(ip6?tables(-save|-restore)?( |$|\"|'|\))|lib/iptables|\+iptables)" -R */ | cut -d/ -f2 | sort -u

Except for shorewall and xtables-addons, which are clearly not compatible with firewall4/nftables, the rest is still open.

v2raya (v2raya: add iptables as dependency #18052)
shadowsocks-libev (shadowsocks-libev: convert to using nft #17937)
