On Tue, Nov 27, 2018 at 08:07:11PM +0100, Phil Sutter wrote:
The problem with converting libxt_comment into nftables comment is that
rules change when parsing from kernel due to comment match being moved
to the end of the match list. And since match ordering matters, the rule
may not be found anymore when checking or deleting. Apart from that,
iptables-nft