[pkg-netfilter-team] Bug#935858: nftables: lacks documentation
Arturo Borrero Gonzalez
arturo at debian.org
Wed Aug 28 10:51:09 BST 2019
Control: tags -1 wontfix
On Mon, 26 Aug 2019 20:26:50 -0400 westlake <westlake2012 at videotron.ca> wrote:
> Package: nftables
> Version: 0.9.1-2~bpo10+1
> Severity: important
>
> All of the documentation I have uncovered online completely use
> things like,
>
> -> eg, take this nft add rule line
> nft add rule inet filter input counter drop
>
> Here there are two problems when trying to do this on Debian.
>
> 1) Debian uses "nft add rule ip" and not "nft add rule inet"
>
> 2) Debian uses "INPUT" << capitals for the chain name and not small caps.
> (small caps for the chain name also does not work on Debian's nft)
>
> Debian needs to document these changes in
> /usr/share/doc/nftables/README.Debian
>

1) nft allows one to specify which address family to work with. See ADDRESS
FAMILIES in the manpage or
https://wiki.nftables.org/wiki-nftables/index.php/Nftables_families

2) chain names are totally arbitrary. They can be either lower case or upper
case. This is properly documented in the manpage as well, and also in
https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains

I don't see anything actionable here. Closing bug now.

Thanks for your report though!
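
The two points in the reply, as an added example that is not part of the original message or of the Debian package: a ruleset file in which the address family and the chain name are both chosen by the administrator. The table and chain names are the ones mentioned in the report; the rules inside the chains are constructed for illustration.

```nftables
#!/usr/sbin/nft -f
# Constructed example ruleset (not from the bug report).
#
# A table is identified by its address family plus its name, so
# "inet filter" and "ip filter" below are two separate tables.
# "nft add rule <family> <table> <chain> ..." only works when that
# exact family, table and chain already exist.

# Family "inet": one table that sees both IPv4 and IPv6 packets.
table inet filter {
    # The chain name "input" is arbitrary. What attaches this chain to
    # the input path is the "hook input" declaration, not its name.
    chain input {
        type filter hook input priority 0; policy accept;

        # Keep existing connections and loopback traffic working.
        ct state established,related accept
        iif "lo" accept

        # The rule from the report: count and drop everything else.
        counter drop
    }
}

# Family "ip": IPv4 only. Upper-case chain names are equally valid,
# and names are case-sensitive: "INPUT" and "input" are different chains.
table ip filter {
    chain INPUT {
        type filter hook input priority 0; policy accept;

        # Count IPv4 packets reaching this chain without filtering them.
        counter
    }
}
```

`nft -c -f <file>` parses the file without applying it, and `nft list ruleset` shows which families, tables and chains currently exist on the host.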