On Mon, 2016-02-29 at 07:10 +0000, Zheng, Wu wrote:
> I mean, can we refer to the related source code of iptables and
> check how the source code of iptables-1.6 implements the feature of
> iptables over nftables? The source code of iptables is just for reference.
> Xtables is used in iptables-1.6.0 for implementing the related features.

We'd end up detecting whether to use nftables or iptables at run time in
any case. Plus linking against libxtables would drag in system libraries
that are not needed if only nftables is supported by the kernel.
Making the internal code work just by keeping iptables function calls to
achieve nftables output makes everything unnecessarily complicated. We'd
better fix the abstraction level in the firewall_* or alike functions
instead, as proposed.