List of available translations via iptables-translate tool

From nftables wiki
Revision as of 19:14, 13 July 2016 by Pablo (talk | contribs) (Created page with "The following '''matches and targets''' (in alphabetic order) can be fully translated via iptables-translate tool: == Translatable extensions == === Matches === ====xt==== *...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

The following matches and targets (in alphabetic order) can be fully translated via iptables-translate tool:

Translatable extensions

Matches

xt

  • comment
  • connmark
  • cpu
  • devgroup
  • dscp
  • esp
  • helper
  • iprange
  • length
  • limit
  • mac
  • mark
  • pkttype
  • state
  • tcp
  • udp

ip

  • ah
  • realm
  • ttl

ip6

  • ah
  • frag
  • hbh
  • hl
  • mh

Targets

xt

  • NFLOG
  • NFQUEUE
  • TEE
  • TRACE

ip

  • DNAT
  • MASQUERADE
  • REDIRECT
  • REJECT
  • SNAT

ip6

  • DNAT
  • MASQUERADE
  • REDIRECT
  • REJECT
  • SNAT


Following matches and targets are yet to be translated:

Untranslatable extensions

Matches

xt

  • cgroup

[Waiting for support of cgroup2 path-based in nft]

  • connlabel

[Waiting for support of --set]

Patch sent: https://patchwork.ozlabs.org/patch/592462/ (Needs revisit)

  • dccp

[Waiting for support of --dccp-option] (partial translations available)

  • ecn

[Waiting for support of --ecn-tcp-ece and --ecn-tcp-cwr] (partial translations available)

  • ipcomp

[Waiting for support of --compres] (partial translations available)

  • multiport

[Waiting for support of --ports] (partial translations available)

  • owner

[Waiting for support of --socket-exists] (partial translations available)

  • sctp

[Waiting for support of --chunk-types] (partial translations available)

  • set

ip

  • icmp

[Waiting for support of packet types]

ip6

  • icmp6

[Waiting for support of packet types]

  • ipv6header
  • rt

[Waiting for support of --rt-0-res, --rt-0-addrs, --rt-0-not-strict] (partial translations available)

Targets

xt

  • CLASSIFY

[Requires bug fixing]

  • MARK

[--set-mark and --set-xmark options are not fully supported] (partial translations available)
If --set-mark is used you must only specify the mark.
If --set-xmark is used you must specify the mark and the mask.

  • CONNMARK

[Waiting for support of --save-mark, --restore-mark, --set-mark and --set-xmark] (partial translations available)
If --set-mark is used you must only specify the mark.
If --set-xmark is used you must specify the mark and the mask.

ip

  • LOG

[Waiting for support of log-tcp-sequence, log-tcp-options, log-ip-options, log-uid, log-macdecode] (partial translations available)

ip6

  • LOG

[Waiting for support of log-tcp-sequence, log-tcp-options, log-ip-options, log-uid, log-macdecode] (partial translations available)