On Tue, Sep 17, 2019 at 07:36:32PM +0100, Quentin Armitage wrote:
[...]
> Removing the lines:
> if (sinfo->status_mask == 1)
> return 0;
> resolves the problems, and
> iptables-translate -A INPUT -m conntrack --ctstatus EXPECTED
> outputs:
> nft add rule ip filter INPUT ct status expected counter
> and
> iptables-nft -A INPUT -m conntrack --ctstatus EXPECTED
> produces nft list output:
> chain INPUT {
> ct status expected counter packets 0 bytes 0 accept
> }Applied, thanks.
