Re: [PATCH] iptables-xml - Patrick McHardy

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: Amin Azez <azez@ufomechanic.net>
Cc: Netfilter Developer Mailing List <netfilter-devel@lists.netfilter.org>
Subject: Re: [PATCH] iptables-xml
Date: Tue, 17 Jul 2007 17:10:47 +0200	[thread overview]
Message-ID: <469CDBF7.6070202@trash.net> (raw)
In-Reply-To: <469B4410.300@ufomechanic.net>

Amin Azez wrote:
> Attached are:
> 1. A man page for iptables-xml
> 
> 2. A fix for iptables.xslt allowing for an arbitrary depth of arguments
> or modifiers.
> 
> Although iptables-xml cannot generate more than two levels deep, xml
> generated by other systems may prefer to generate
> 
> <action>
>   <restore-mark>
>     <mask>0xff00</mask>
>   </restore-mark>
> </action>
> 
> than
> 
> <action>
>   <restore-mark/>
>    <mask>0xff00</mask>
> </action>
> 
> (which is what iptables-xml generates)
> even though the same iptables is re-generated on conversion.
> 
> 3. A fix for iptables-xml.c so that combining of consecutive targets of
> rules with the same match into one XML rule, will not combine over a
> terminating action; i.e. there is no point in converting
> 
> -A table -p tcp -j DROP
> -A table -p tcp -j MARK --set-mark 25
> -A table -p tcp -j RETURN
> 
> into one XML rule with multiple actions as they are probably not
> logically combined in the mind of the author.


I assume these changes are compatible with previous versions?

next prev parent reply	other threads:[~2007-07-17 15:10 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-07-16 10:10 [PATCH] iptables-xml Amin Azez
2007-07-17 15:10 ` Patrick McHardy [this message]
     [not found]   ` <469CE066.2020501@ufomechanic.net>
2007-07-17 15:54     ` Patrick McHardy

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=469CDBF7.6070202@trash.net \
    --to=kaber@trash.net \
    --cc=azez@ufomechanic.net \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.