Bug#935858: nftables: lacks documentation
actually there's still no mention of chain names able to be stored in capitals. The migratory tools automatically make capitals from iptables, and users would be tempted to try out documented commands. (even the link provided says nothing) .. so you re-consider adding this as a side-note. new users are tempted to try, "nft list chain filter output Error: No such file or directory list chain filter output ^^ " the nft syntax is difficult to grasp, and the output here is not even clear. If the output (I would say upstream is to blame) was actually more clear, then I would not need to report on confusion about this, and not have to dwell on telling you to provide some insight on what migratory tools actually do. The fact that error output and online documentation mentions nothing about having capitals for chain names, is the reason why I decided to file this report. The fact that many users also use migratory tools and likely face this same issue, is another reason why I think many users would actually benefit from a note or two in the README.Debian file. You should take the perspective that new adopters face this issue, and that I wouldn't be the only one facing this. Let it not be a main reason why NFT has not been widely adopted on Debian, because the least thing you could have done is to show me where I am wrong. Show me where it is documented. Show me where it says that chain names can be in capitals. Otherwise document it in README.Debian. ^ It's a Debian policy, and if you don't do it, then I will have to complain to the top leader about you being such a baby and revoke your abilities in maintaining this package. You also closed my other bugreport without a real good explanation on why you need to have nft binary executables at the header of .conf files. To me that is not just silly but impractical. Online documentation sources mention about using "nft list ruleset > nftables.conf" and effectively that overwrites the header. Use a bit of logic in maintaining this package. thanks
Bug#935858: nftables: lacks documentation
Control: tags -1 wontfix On Mon, 26 Aug 2019 20:26:50 -0400 westlake wrote: > Package: nftables > Version: 0.9.1-2~bpo10+1 > Severity: important > > All of the documentation I have uncovered online completely use > things like, > > -> eg, take this nft add rule line > nft add rule inet filter input counter drop > > Here there's two problems when trying to do this on Debian. > > 1) Debian uses "nft add rule ip" and not "nft add rule inet" > > 2) Debian uses "INPUT" << capitals for the chain name and not small caps. > (small caps for the chain name also does not work on Debian's nft) > > Debian needs to document these changes in > /usr/share/doc/nftables/README.Debian > 1) nft allows one to specify with address family to work with. See ADDRESS FAMILIES in the manpage or https://wiki.nftables.org/wiki-nftables/index.php/Nftables_families 2) chain names are totally arbitrary. They can be either lower case or upper case. This is properly documented in the manpage as well, and also in https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains I don't see any actionable here. Closing bug now. Thanks for your report though!
Bug#935858: nftables: lacks documentation
According to the nftables manpage, "The inet address family is a dummy family which is used to create hybrid IPv4/IPv6 tables. When no address family is specified, ip is used by default." considering a lot of users wanting to migrating from iptables to nft, would come across the issue that chain names need to be in capitals, .. I believe I have scathed incorrectly on the usage of "ip" over "inet" . inet can be used to set rules for both ipv4 and ipv6, but I haven't tested how well this works yet in this latest backports update.
Bug#935858: nftables: lacks documentation
Package: nftables Version: 0.9.1-2~bpo10+1 Severity: important All of the documentation I have uncovered online completely use things like, -> eg, take this nft add rule line nft add rule inet filter input counter drop Here there's two problems when trying to do this on Debian. 1) Debian uses "nft add rule ip" and not "nft add rule inet" 2) Debian uses "INPUT" << capitals for the chain name and not small caps. (small caps for the chain name also does not work on Debian's nft) Debian needs to document these changes in /usr/share/doc/nftables/README.Debian
