Re: feature request - Taylor, Grant

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Taylor, Grant" <gtaylor@riverviewtech.net>
To: "Leonardo Rodrigues Magalhães" <leolistas@solutti.com.br>
Cc: netfilter@lists.netfilter.org
Subject: Re: feature request
Date: Thu, 14 Apr 2005 13:52:35 -0500	[thread overview]
Message-ID: <425EBBF3.9090904@riverviewtech.net> (raw)
In-Reply-To: <425EB850.1060506@solutti.com.br>

> 
>    Guys, how about using the new comment module for making grepping easy 
> ???? Instead of grepping the rules parameters, you can include an unique 
> ID as a comment in your rule and simply grep for it !!! What do you 
> think ??

I've considered doing that my self for other projects.  But seeing as how I did not have any real solution / method for doing so already I did not want to propose it yet.  I'm thinking of using it for more of a ""system that would manage all your rules, not unlike SysV Init scripts, for you.  You would then go through that interface and work with iptables.  I know that what ever I end up coming up with I'll end up using some sort of numeric identifiers for the rules to be matched against so it is easier to machine parse.  I'll probably end up using a comment of something like this ':<numeric ID>:<free text comment>'.  This way the machine parseable identifier is there in the form of ':<numeric ID>:' where it will be easy to find on the line.  The <numeric ID> will be at the start of the comments and starting at about the same column on screen while still allowing for free text comments (
 or as free as comment will allow it's self, just a bit shorter) thus making it easier to 
search for a specific <numeric ID> visually, vs having it at the end of the comment which would make location of the <numeric ID> of the rule depend on the length of the free text.  Seeing as how comment is a relatively new match extension and not all systems have it in the kernel this system would be valid for new and patched kernels only.  Where as something that would parse the output of iptables(|-save) would be more backwards compatible.

I personally am EXTENSIVELY using the comment match extension, as well as planing on using TARPIT targets (that is a sticky subject un to it's self.  Pun intended.  :P  )

Grant. . . .

next prev parent reply	other threads:[~2005-04-14 18:52 UTC|newest]

Thread overview: 38+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-04-14 16:50 feature request `VL
2005-04-14 18:18 ` Taylor, Grant
2005-04-14 18:37   ` Leonardo Rodrigues Magalhães
2005-04-14 18:52     ` Taylor, Grant [this message]
  -- strict thread matches above, loose matches on Subject: below --
2024-06-20 12:58 Feature Request Clement Sello Tsetsa
2024-06-20 13:29 ` rsbecker
2016-10-27 21:55 feature request John Rood
2016-10-27 22:01 ` Stefan Beller
2016-10-27 22:05   ` John Rood
2016-10-27 22:24     ` John Rood
2016-10-27 22:27       ` Junio C Hamano
2016-10-27 22:48         ` John Rood
2016-10-27 22:51           ` Junio C Hamano
2016-10-27 23:16             ` John Rood
2016-10-27 22:30 ` Stefan Beller
2016-10-27 22:44   ` John Rood
2016-10-27 22:46     ` Junio C Hamano
2016-10-27 23:24     ` David Lang
2016-10-28  8:49       ` Johannes Schindelin
2016-10-28 12:54       ` Philip Oakley
2013-02-18 18:52 Jay Townsend
2013-02-18 19:54 ` James Nylen
2013-02-18 20:45   ` Jeff King
2013-02-19  3:26     ` Drew Northup
2013-02-19 22:27     ` Shawn Pearce
2012-10-16 11:36 Angelo Borsotti
2012-10-16 12:15 ` Andrew Ardill
2012-10-16 17:27   ` Angelo Borsotti
2012-10-16 23:30     ` Sitaram Chamarty
2012-10-17  0:00     ` Andrew Ardill
2012-10-16 13:34 ` Christian Thaeter
2010-02-09  8:43 Feature Request Stefan *St0fF* Huebner
2010-02-09 12:28 ` Michael Tokarev
2010-02-09 14:19   ` Stefan Hübner
2008-09-09  9:49 l5ynlwlcyku9kvaqc2jf.j.HadVabVobs
2003-08-23  7:51 Pentium 4m kernel 2.4.21 Martin Klinkigt (multimedia-test)
2003-08-23  9:49 ` Viktor Radnai
2003-08-23 10:50   ` Feature request (was: Pentium 4m kernel 2.4.21) Viktor Radnai
2003-08-26 23:10     ` Dominik Brodowski
2003-08-27 17:16       ` Feature request Viktor Radnai
2003-08-28 13:50         ` Dominik Brodowski
2003-08-28 16:04           ` Daniel Thor Kristjansson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=425EBBF3.9090904@riverviewtech.net \
    --to=gtaylor@riverviewtech.net \
    --cc=leolistas@solutti.com.br \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.