openwrt/package
Etienne Champetier b0bd6599e8 iptables: rework ip(6)tables-nft dependencies
according to iptables-nft man page,
"These tools use the libxtables framework extensions and hook to the nf_tables
kernel subsystem using the nft_compat module."

This means that to work, iptables-nft needs the same modules as
iptables legacy except the ip(6)table-{filter,mangle,nat,raw}
ip_tables, ip6tables.
When those modules are loaded iptables-nft-save output contains
"# Warning: iptables-legacy tables present, use iptables-legacy-save to see them"
But as long as it's empty it should not be a problem.

To have nft properly display the rules created by ip(6)tables-nft we need
all iptables targets and matches to be built as extension and not built-in
(/usr/lib/iptables/libip(6)t_*.so)

When switching a package to iptables-nft, you need to keep the
iptables-mod-* dependencies

This patch does minimal changes:
- remove the direct iptables-nft -> iptables dependency
- and more important add nft-compat dependency

The rule
iptables-nft -A OUTPUT -d 8.8.8.8 -m comment --comment "aaa" -j REJECT
becomes
table ip filter {
	chain OUTPUT {
		type filter hook output priority filter; policy accept;
		ip daddr 8.8.8.8 # xt_comment counter packets 0 bytes 0 # xt_REJECT
	}
}

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-03 00:02:31 +01:00
..
base-files base-files: upgrade: fix efi partitions size calculation 2021-12-27 13:51:41 +01:00
boot uboot-envtools: Update to version 2022.01 2022-02-01 21:25:02 +01:00
devel strace: Update to version 5.16 2022-02-01 21:25:02 +01:00
firmware ipq40xx: add MikroTik cAP ac support 2022-02-01 23:18:58 +01:00
kernel netfilter: add kmod-nft-compat 2022-02-02 23:24:03 +01:00
libs wolfssl: update to 5.1.1-stable 2022-02-01 23:18:01 +01:00
network iptables: rework ip(6)tables-nft dependencies 2022-02-03 00:02:31 +01:00
system ubox: fix broken deferred start of logfile writer 2022-01-31 15:03:25 +00:00
utils e2fsprogs: Update to version 1.46.5 2022-02-01 21:25:02 +01:00
Makefile build: fix opkg install step for large package selection 2021-05-12 11:13:53 +02:00