* iptables-save and match formatting
@ 2004-04-29 3:48 Tom Eastep
0 siblings, 0 replies; only message in thread
From: Tom Eastep @ 2004-04-29 3:48 UTC (permalink / raw)
To: netfilter-devel@lists.netfilter.org
[-- Attachment #1: Type: text/plain, Size: 650 bytes --]
My project for the evening is to integrate Shorewall with
iptables-save/iptables-restore. While debugging this facility, I found
that iptables-save was generating DNS names when outputing "-m conntrack
--ctorigdst <address>". The attached patch corrects the problem for me
but may have undesirable side effects not obvious to the casual hacker
such as myself :-)
-Tom
PS -- I'm using a Windoze system in the family room while watching a
hockey game so the patch may need 'dos2unix'.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
[-- Attachment #2: iptables-1.2.9.diff --]
[-- Type: text/plain, Size: 390 bytes --]
--- extensions/libipt_conntrack.c~ 2003-10-07 11:54:30.000000000 -0700
+++ extensions/libipt_conntrack.c 2004-04-28 19:01:08.000000000 -0700
@@ -504,7 +504,7 @@
/* Saves the matchinfo in parsable form to stdout. */
static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
{
- matchinfo_print(ip, match, 0, "--");
+ matchinfo_print(ip, match, 1, "--");
}
static
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2004-04-29 3:48 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-04-29 3:48 iptables-save and match formatting Tom Eastep
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.