netfilter buglog - Aug 2023 - [Bug 1659] iptables-nft v1.8.9 Error: meta sreg key not supported

https://bugzilla.netfilter.org/show_bug.cgi?id=1659

Phil Sutter <phil at nwl.cc> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |phil at nwl.cc
         Resolution|---                         |WONTFIX

--- Comment #1 from Phil Sutter <phil at nwl.cc> ---
Compatibility between iptables-nft and nftables can't be "fixed",
many
expressions in nftables rules can't be translated into iptables syntax as it
simply lacks the necessary capabilities.

The specific problem illustrated here (setting packet mark) is fixed by commit
7304f1982d619 ("nft-ruleparse: parse meta mark set as MARK target"),
enabling
iptables-nft to correctly parse the meta mark statement.

Improving the iptables-nft parser to understand more native expressions is a
task actively being worked on, but mixing iptables-nft and nftables will always
remain problematic and a good way to shoot one's own foot!

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20230810/a41469b5/attachment.html>