On 28 April 2017 at 10:05, Phil Sutter <[email protected]> wrote: >> >> This warning will be printed even in rulesets loaded with '-f' >> which first creates the masq rule an then the other chain. > > Hmm. I tested it with the following config and it works fine: > > | table ip nat { > | chain post { > | type nat hook postrouting priority 0; policy accept; > | oifname "veth2" masquerade > | } > | > | chain pre { > | type nat hook prerouting priority 0; policy accept; > | } > | } > > OK, with a config consisting of several 'add' commands, it indeed warns. > >> I think is just a matter of documenting *everywhere* that this is the >> expected behaviour, not a bug. > > Yeah, I should indeed have done that first, also because masquerade > statement is not documented at all yet. >
The best current documentation is this: https://wiki.nftables.org/wiki-nftables/index.php/Performing_Network_Address_Translation_(NAT) It can be improved, though -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
