[PATCH] document multiport invert option

[PATCH] document multiport invert option

[Phil Oester]

[-- Attachment #1: Type: text/plain, Size: 207 bytes --]

The man/-h pages for multiport don't document that you can use
inversion.  This can be confusing, since multiport uses '! --port x'
instead of '--dport ! x' like tcp/udp.

This closes bugzilla #143

Phil




[-- Attachment #2: patch-notmultiport --]
[-- Type: text/plain, Size: 5471 bytes --]

diff -ru ipt-orig/extensions/libip6t_multiport.c ipt-new/extensions/libip6t_multiport.c
--- ipt-orig/extensions/libip6t_multiport.c	2003-07-14 16:01:29.000000000 -0400
+++ ipt-new/extensions/libip6t_multiport.c	2004-09-08 19:29:59.897221576 -0400
@@ -13,13 +13,13 @@
 {
 	printf(
 "multiport v%s options:\n"
-" --source-ports port[,port,port...]\n"
-" --sports ...\n"
+" [!] --source-ports port[,port,port...]\n"
+" [!] --sports ...\n"
 "				match source port(s)\n"
-" --destination-ports port[,port,port...]\n"
-" --dports ...\n"
+" [!] --destination-ports port[,port,port...]\n"
+" [!] --dports ...\n"
 "				match destination port(s)\n"
-" --ports port[,port,port]\n"
+" [!] --ports port[,port,port]\n"
 "				match both source and destination port(s)\n",
 IPTABLES_VERSION);
 }
diff -ru ipt-orig/extensions/libip6t_multiport.man ipt-new/extensions/libip6t_multiport.man
--- ipt-orig/extensions/libip6t_multiport.man	2004-01-22 10:04:24.000000000 -0500
+++ ipt-new/extensions/libip6t_multiport.man	2004-09-08 19:24:43.199366968 -0400
@@ -4,16 +4,16 @@
 or
 .BR "-p udp" .
 .TP
-.BR "--source-ports " "\fIport\fP[,\fIport\fP[,\fIport\fP...]]"
+.BR "[!] --source-ports " "\fIport\fP[,\fIport\fP[,\fIport\fP...]]"
 Match if the source port is one of the given ports.  The flag
 .B --sports
 is a convenient alias for this option.
 .TP
-.BR "--destination-ports " "\fIport\fP[,\fIport\fP[,\fIport\fP...]]"
+.BR "[!] --destination-ports " "\fIport\fP[,\fIport\fP[,\fIport\fP...]]"
 Match if the destination port is one of the given ports.  The flag
 .B --dports
 is a convenient alias for this option.
 .TP
-.BR "--ports " "\fIport\fP[,\fIport\fP[,\fIport\fP...]]"
+.BR "[!] --ports " "\fIport\fP[,\fIport\fP[,\fIport\fP...]]"
 Match if the both the source and destination ports are equal to each
 other and to one of the given ports.
diff -ru ipt-orig/extensions/libipt_mport.c ipt-new/extensions/libipt_mport.c
--- ipt-orig/extensions/libipt_mport.c	2003-07-14 16:01:29.000000000 -0400
+++ ipt-new/extensions/libipt_mport.c	2004-09-08 19:30:26.468182176 -0400
@@ -13,13 +13,13 @@
 {
 	printf(
 "mport v%s options:\n"
-" --source-ports port[,port:port,port...]\n"
-" --sports ...\n"
+" [!] --source-ports port[,port:port,port...]\n"
+" [!] --sports ...\n"
 "				match source port(s)\n"
-" --destination-ports port[,port:port,port...]\n"
-" --dports ...\n"
+" [!] --destination-ports port[,port:port,port...]\n"
+" [!] --dports ...\n"
 "				match destination port(s)\n"
-" --ports port[,port:port,port]\n"
+" [!] --ports port[,port:port,port]\n"
 "				match both source and destination port(s)\n",
 IPTABLES_VERSION);
 }
diff -ru ipt-orig/extensions/libipt_mport.man ipt-new/extensions/libipt_mport.man
--- ipt-orig/extensions/libipt_mport.man	2004-01-22 10:04:25.000000000 -0500
+++ ipt-new/extensions/libipt_mport.man	2004-09-08 19:24:08.047710832 -0400
@@ -4,16 +4,16 @@
 or
 .BR "-p udp" .
 .TP
-.BR "--source-ports " "\fIport\fP[,\fIport\fP[,\fIport\fP...]]"
+.BR "[!] --source-ports " "\fIport\fP[,\fIport\fP[,\fIport\fP...]]"
 Match if the source port is one of the given ports.  The flag
 .B --sports
 is a convenient alias for this option.
 .TP
-.BR "--destination-ports " "\fIport\fP[,\fIport\fP[,\fIport\fP...]]"
+.BR "[!] --destination-ports " "\fIport\fP[,\fIport\fP[,\fIport\fP...]]"
 Match if the destination port is one of the given ports.  The flag
 .B --dports
 is a convenient alias for this option.
 .TP
-.BR "--ports " "\fIport\fP[,\fIport\fP[,\fIport\fP...]]"
+.BR "[!] --ports " "\fIport\fP[,\fIport\fP[,\fIport\fP...]]"
 Match if the both the source and destination ports are equal to each
 other and to one of the given ports.
diff -ru ipt-orig/extensions/libipt_multiport.c ipt-new/extensions/libipt_multiport.c
--- ipt-orig/extensions/libipt_multiport.c	2003-07-14 16:01:29.000000000 -0400
+++ ipt-new/extensions/libipt_multiport.c	2004-09-08 19:30:47.800939104 -0400
@@ -13,13 +13,13 @@
 {
 	printf(
 "multiport v%s options:\n"
-" --source-ports port[,port,port...]\n"
-" --sports ...\n"
+" [!] --source-ports port[,port,port...]\n"
+" [!] --sports ...\n"
 "				match source port(s)\n"
-" --destination-ports port[,port,port...]\n"
-" --dports ...\n"
+" [!] --destination-ports port[,port,port...]\n"
+" [!] --dports ...\n"
 "				match destination port(s)\n"
-" --ports port[,port,port]\n"
+" [!] --ports port[,port,port]\n"
 "				match both source and destination port(s)\n",
 IPTABLES_VERSION);
 }
diff -ru ipt-orig/extensions/libipt_multiport.man ipt-new/extensions/libipt_multiport.man
--- ipt-orig/extensions/libipt_multiport.man	2004-01-22 10:04:25.000000000 -0500
+++ ipt-new/extensions/libipt_multiport.man	2004-09-08 19:23:50.583365816 -0400
@@ -4,16 +4,16 @@
 or
 .BR "-p udp" .
 .TP
-.BR "--source-ports " "\fIport\fP[,\fIport\fP[,\fIport\fP...]]"
+.BR "[!] --source-ports " "\fIport\fP[,\fIport\fP[,\fIport\fP...]]"
 Match if the source port is one of the given ports.  The flag
 .B --sports
 is a convenient alias for this option.
 .TP
-.BR "--destination-ports " "\fIport\fP[,\fIport\fP[,\fIport\fP...]]"
+.BR "[!] --destination-ports " "\fIport\fP[,\fIport\fP[,\fIport\fP...]]"
 Match if the destination port is one of the given ports.  The flag
 .B --dports
 is a convenient alias for this option.
 .TP
-.BR "--ports " "\fIport\fP[,\fIport\fP[,\fIport\fP...]]"
+.BR "[!] --ports " "\fIport\fP[,\fIport\fP[,\fIport\fP...]]"
 Match if the both the source and destination ports are equal to each
 other and to one of the given ports.

Re: [PATCH] document multiport invert option

[Martin Josefsson]

[-- Attachment #1: Type: text/plain, Size: 468 bytes --]

On Thu, 2004-09-09 at 01:35, Phil Oester wrote:
> The man/-h pages for multiport don't document that you can use
> inversion.  This can be confusing, since multiport uses '! --port x'
> instead of '--dport ! x' like tcp/udp.
> 
> This closes bugzilla #143

I believe neither multiport or mport has invert support, they don't
complain when you add a inverted rule but the resulting rule won't be
inverted so I'm not going to apply this patch.

-- 
/Martin

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [PATCH] document multiport invert option

[Herve Eychenne]

On Thu, Sep 09, 2004 at 12:07:23PM +0200, Martin Josefsson wrote:

> On Thu, 2004-09-09 at 01:35, Phil Oester wrote:
> > The man/-h pages for multiport don't document that you can use
> > inversion.  This can be confusing, since multiport uses '! --port x'
> > instead of '--dport ! x' like tcp/udp.
> > 
> > This closes bugzilla #143

> I believe neither multiport or mport has invert support, they don't
> complain when you add a inverted rule but the resulting rule won't be
> inverted so I'm not going to apply this patch.

Though, multiport and mport should have invert support, right?
So you may add this support to your patch, phil. :-)

 Herve

-- 
 _
(°=  Hervé Eychenne
//)
v_/_ WallFire project:  http://www.wallfire.org/