Difference between revisions of "List of available translations via iptables-translate tool"

From nftables wiki
Jump to navigation Jump to search
(split partial and untranslateable options.)
Line 66: Line 66:
Following '''matches''' and '''targets''' are yet to be translated:
Following '''matches''' and '''targets''' are yet to be translated:


== Untranslatable extensions ==
== Partially translatable extensions ==


=== Matches ===
=== Matches ===
====xt====
====xt====
* cgroup
[Waiting for support of cgroup2 path-based in nft]
* dccp
* dccp
[Waiting for support of --dccp-option] (partial translations available)
[Waiting for support of --dccp-option]
* ecn
* ecn
[Waiting for support of --ecn-tcp-ece and --ecn-tcp-cwr] (partial translations available)
[Waiting for support of --ecn-tcp-ece and --ecn-tcp-cwr]
* multiport
* multiport
[Waiting for support of --ports] (partial translations available)
[Waiting for support of --ports]
* owner
* owner
[Waiting for support of --socket-exists] (partial translations available)
[Waiting for support of --socket-exists]
* sctp
* sctp
[Waiting for support of --chunk-types] (partial translations available)
[Waiting for support of --chunk-types]
* set
[Waiting for support]
: Suggestions for adding support:
:* Add counters to each element of a set. A counter contains the number of packets that matched an element and the total number of bytes. There must be the option of enabling or disabling the update of counters' values at will. Also counters' values must be accesible in order to do comparisons.
:* Sets must include different types of elements. Sets must have support for the "nomatch" flag.
[[User:Robgc|Robgc]] ([[User talk:Robgc|talk]]) 21:48, 21 September 2016 (CEST)


====ip====
====ip====
Line 97: Line 88:
*icmp6
*icmp6
[Waiting for support of packet types]
[Waiting for support of packet types]
* ipv6header
* rt
* rt
[Waiting for support of --rt-0-res, --rt-0-addrs, --rt-0-not-strict] (partial translations available)
[Waiting for support of --rt-0-res, --rt-0-addrs, --rt-0-not-strict] (partial translations available)
Line 103: Line 93:
=== Targets ===
=== Targets ===
====xt====
====xt====
* CLASSIFY
[Requires bug fixing]
* MARK
* MARK
[--set-mark and --set-xmark options are not fully supported] (partial translations available)<br/>
[--set-mark and --set-xmark options are not fully supported] (partial translations available)<br/>
Line 120: Line 108:
* LOG
* LOG
[Waiting for support of log-tcp-sequence, log-tcp-options, log-ip-options, log-uid, log-macdecode] (partial translations available)
[Waiting for support of log-tcp-sequence, log-tcp-options, log-ip-options, log-uid, log-macdecode] (partial translations available)
== Untranslatable extensions ==
=== Matches ===
====xt====
* cgroup
[Waiting for support of cgroup2 path-based in nft]
* set
[Waiting for support]
: Suggestions for adding support:
:* Add counters to each element of a set. A counter contains the number of packets that matched an element and the total number of bytes. There must be the option of enabling or disabling the update of counters' values at will. Also counters' values must be accesible in order to do comparisons.
:* Sets must include different types of elements. Sets must have support for the "nomatch" flag.
[[User:Robgc|Robgc]] ([[User talk:Robgc|talk]]) 21:48, 21 September 2016 (CEST)
====ip6====
* ipv6header

Revision as of 22:41, 18 February 2018

The following matches and targets (in alphabetic order) can be fully translated via iptables-translate tool:

Translatable extensions

Matches

xt

  • ipcomp
  • comment
  • connlabel
  • connmark
  • conntrack
  • cpu
  • devgroup
  • dscp
  • esp
  • helper
  • iprange
  • length
  • limit
  • mac
  • mark
  • pkttype
  • state
  • tcp
  • udp

ip

  • ah
  • realm
  • ttl

ip6

  • ah
  • frag
  • hbh
  • hl
  • mh

Targets

xt

  • NFLOG
  • NFQUEUE
  • TEE
  • TRACE

ip

  • DNAT
  • MASQUERADE
  • REDIRECT
  • REJECT
  • SNAT

ip6

  • DNAT
  • MASQUERADE
  • REDIRECT
  • REJECT
  • SNAT


Following matches and targets are yet to be translated:

Partially translatable extensions

Matches

xt

  • dccp

[Waiting for support of --dccp-option]

  • ecn

[Waiting for support of --ecn-tcp-ece and --ecn-tcp-cwr]

  • multiport

[Waiting for support of --ports]

  • owner

[Waiting for support of --socket-exists]

  • sctp

[Waiting for support of --chunk-types]

ip

  • icmp

[Waiting for support of packet types]

ip6

  • icmp6

[Waiting for support of packet types]

  • rt

[Waiting for support of --rt-0-res, --rt-0-addrs, --rt-0-not-strict] (partial translations available)

Targets

xt

  • MARK

[--set-mark and --set-xmark options are not fully supported] (partial translations available)
If --set-mark is used you must only specify the mark.
If --set-xmark is used you must specify the mark and the mask.

  • CONNMARK

[Waiting for support of --save-mark, --restore-mark, --set-mark and --set-xmark] (partial translations available)
If --set-mark is used you must only specify the mark.
If --set-xmark is used you must specify the mark and the mask.

ip

  • LOG

[Waiting for support of log-tcp-sequence, log-tcp-options, log-ip-options, log-uid, log-macdecode] (partial translations available)

ip6

  • LOG

[Waiting for support of log-tcp-sequence, log-tcp-options, log-ip-options, log-uid, log-macdecode] (partial translations available)

Untranslatable extensions

Matches

xt

  • cgroup

[Waiting for support of cgroup2 path-based in nft]

  • set

[Waiting for support]

Suggestions for adding support:
  • Add counters to each element of a set. A counter contains the number of packets that matched an element and the total number of bytes. There must be the option of enabling or disabling the update of counters' values at will. Also counters' values must be accesible in order to do comparisons.
  • Sets must include different types of elements. Sets must have support for the "nomatch" flag.

Robgc (talk) 21:48, 21 September 2016 (CEST)

ip6

  • ipv6header