XT COMMENT NEED WORK net/netfilter/xt_addrtype.c - needs native interface * net/netfilter/xt_AUDIT.c - into nft_log? logging flavour * net/netfilter/xt_bpf.c - needs native interface * net/netfilter/xt_CHECKSUM.c - add nft_mangle * net/netfilter/xt_CLASSIFY.c - add nft_mangle * net/netfilter/xt_cluster.c - needs native interface * net/netfilter/xt_comment.c - native support in nft net/netfilter/xt_connbytes.c - needs native interface * net/netfilter/xt_connlabel.c - needs native interface * net/netfilter/xt_connlimit.c - needs native interface * net/netfilter/xt_connmark.c - nft_meta net/netfilter/xt_CONNSECMARK.c - nft_meta * net/netfilter/xt_conntrack.c - nft_ct net/netfilter/xt_cpu.c - nft_meta (needs easy change) * net/netfilter/xt_CT.c - nft_meta_target * net/netfilter/xt_dccp.c - nft_payload + nft_cmp net/netfilter/xt_devgroup.c - nft_meta (needs easy change) * net/netfilter/xt_dscp.c - nft_payload + nft_cmp net/netfilter/xt_DSCP.c - add nft_mangle * net/netfilter/xt_ecn.c - nft_payload + nft_cmp net/netfilter/xt_esp.c - nft_payload + nft_cmp net/netfilter/xt_hashlimit.c - needs native interface * net/netfilter/xt_helper.c - nft_meta + nft_cmp net/netfilter/xt_hl.c - nft_payload + nft_cmp net/netfilter/xt_HL.c - add nft_mangle * net/netfilter/xt_HMARK.c - needs native interface * net/netfilter/xt_IDLETIMER.c - needs native interface * net/netfilter/xt_iprange.c - nft_payload + nft_cmp * [ --ports ] net/netfilter/xt_ipvs.c - needs native interface * net/netfilter/xt_LED.c - needs native (need this?) 
* net/netfilter/xt_length.c - nft_meta + nft_cmp net/netfilter/xt_limit.c - nft_limit net/netfilter/xt_LOG.c - nft_log net/netfilter/xt_mac.c - nft_payload + nft_cmp net/netfilter/xt_mark.c - nft_meta net/netfilter/xt_multiport.c - nft_payload + nft_cmp net/netfilter/xt_nat.c - nft_nat net/netfilter/xt_NETMAP.c - nft_nat net/netfilter/xt_nfacct.c - needs native interface * net/netfilter/xt_NFLOG.c - needs native interface * net/netfilter/xt_NFQUEUE.c - nft_queue net/netfilter/xt_osf.c - needs native interface * net/netfilter/xt_owner.c - nft_meta + nft_cmp net/netfilter/xt_physdev.c - nft_meta * net/netfilter/xt_pkttype.c - nft_meta net/netfilter/xt_policy.c - needs native interface * net/netfilter/xt_quota.c - integrate nfacct into nft? * net/netfilter/xt_rateest.c - needs native interface * net/netfilter/xt_RATEEST.c - needs native interface * net/netfilter/xt_realm.c - nft_meta (needs easy change) * net/netfilter/xt_recent.c - needs native interface * net/netfilter/xt_REDIRECT.c - nft_nat * net/netfilter/xt_sctp.c - nft_payload + nft_cmp net/netfilter/xt_SECMARK.c - nft_meta_target * net/netfilter/xt_set.c - integrate ipset? 
* net/netfilter/xt_socket.c - needs native interface * net/netfilter/xt_state.c - nft_ct net/netfilter/xt_statistic.c - needs native interface * net/netfilter/xt_string.c - needs native interface * net/netfilter/xt_tcpmss.c - needs native interface * net/netfilter/xt_TCPMSS.c - needs native interface * net/netfilter/xt_TCPOPTSTRIP.c - needs native interface * net/netfilter/xt_tcpudp.c - nft_payload net/netfilter/xt_TEE.c - needs native interface * net/netfilter/xt_time.c - needs native interface * net/netfilter/xt_TPROXY.c - needs native interface * net/netfilter/xt_TRACE.c - nft_meta_target net/netfilter/xt_u32.c - nft_payload (raw expressions) IPV4 net/ipv4/netfilter/ipt_ah.c - nft_payload + nft_cmp net/ipv4/netfilter/ipt_CLUSTERIP.c - deprecated net/ipv4/netfilter/ipt_ECN.c - nft_mangle * net/ipv4/netfilter/ipt_MASQUERADE.c - nft_nat (easy change) * net/ipv4/netfilter/ipt_REJECT.c - nft_meta_target * net/ipv4/netfilter/ipt_rpfilter.c - needs native interface * net/ipv4/netfilter/ipt_ULOG.c - deprecated IPV6 net/ipv6/netfilter/ip6t_ah.c - nft_payload + nft_cmp net/ipv6/netfilter/ip6t_eui64.c - nft_payload + nft_cmp net/ipv6/netfilter/ip6t_frag.c - nft_exthdr + nft_cmp net/ipv6/netfilter/ip6t_hbh.c - nft_exthdr + nft_cmp net/ipv6/netfilter/ip6t_ipv6header.c - nft_exthdr + nft_cmp net/ipv6/netfilter/ip6t_MASQUERADE.c - nft_nat (easy change) * net/ipv6/netfilter/ip6t_mh.c - nft_exthdr + nft_cmp net/ipv6/netfilter/ip6t_NPT.c - needs native interface * net/ipv6/netfilter/ip6t_REJECT.c - nft_meta_target * net/ipv6/netfilter/ip6t_rpfilter.c - needs native interface * net/ipv6/netfilter/ip6t_rt.c - nft_exthdr + nft_cmp NOTE: ~50% of features are missing in nftables compared with xtables. -- 17/June/2014