From mboxrd@z Thu Jan 1 00:00:00 1970
From: Patrick McHardy
Subject: Re: [PATCH] iptables-xml
Date: Tue, 17 Jul 2007 17:10:47 +0200
Message-ID: <469CDBF7.6070202@trash.net>
References: <469B4410.300@ufomechanic.net>
In-Reply-To: <469B4410.300@ufomechanic.net>
Cc: Netfilter Developer Mailing List
To: Amin Azez
List-Id: netfilter-devel.vger.kernel.org

Amin Azez wrote:
> Attached are:
> 1. A man page for iptables-xml
>
> 2. A fix for iptables.xslt allowing for an arbitrary depth of arguments
> or modifiers.
>
> Although iptables-xml cannot generate more than two levels deep, xml
> generated by other systems may prefer to generate
>
>
>
> 0xff00
>
>
>
> than
>
>
>
> 0xff00
>
>
> (which is what iptables-xml generates)
> even though the same iptables is re-generated on conversion.
>
> 3. A fix for iptables-xml.c so that combining of consecutive targets of
> rules with the same match into one XML rule, will not combine over a
> terminating action; i.e. there is no point in converting
>
> -A table -p tcp -j DROP
> -A table -p tcp -j MARK --set-mark 25
> -A table -p tcp -j RETURN
>
> into one XML rule with multiple actions as they are probably not
> logically combined in the mind of the author.

I assume these changes are compatible with previous versions?
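
The combining behaviour described in point 3 of the quoted message, as an added sketch that is not code from iptables-xml.c or from either poster: consecutive rules with the same chain and match are merged into one group of actions, but never past a terminating target. The `TERMINATING` set and the names `split_rule` and `group_rules` are assumptions made for illustration.

```python
import shlex

# Assumption: targets after which no later rule in the chain sees the packet.
TERMINATING = {"ACCEPT", "DROP", "REJECT", "RETURN", "QUEUE"}

# The three rules from the message above.
EMAIL_RULES = [
    "-A table -p tcp -j DROP",
    "-A table -p tcp -j MARK --set-mark 25",
    "-A table -p tcp -j RETURN",
]

def split_rule(line):
    """Return (chain, match tokens, action tokens) for an '-A' rule line."""
    tokens = shlex.split(line)
    if len(tokens) < 2 or tokens[0] != "-A":
        raise ValueError("not an append rule: %r" % line)
    chain, rest = tokens[1], tokens[2:]
    if "-j" not in rest:
        return chain, tuple(rest), ()      # rule without a target
    j = rest.index("-j")
    if j + 1 == len(rest):
        raise ValueError("-j without a target: %r" % line)
    return chain, tuple(rest[:j]), tuple(rest[j + 1:])

def group_rules(lines):
    """Merge consecutive same-match rules, never past a terminating target."""
    groups = []
    for line in lines:
        chain, match, action = split_rule(line)
        prev = groups[-1] if groups else None
        last = prev["actions"][-1] if prev else ()
        if (prev and action and last and last[0] not in TERMINATING
                and (prev["chain"], prev["match"]) == (chain, match)):
            prev["actions"].append(action)
        else:
            groups.append({"chain": chain, "match": match, "actions": [action]})
    return groups

if __name__ == "__main__":
    for g in group_rules(EMAIL_RULES):
        print(g["chain"], " ".join(g["match"]), "->",
              [" ".join(a) for a in g["actions"]])
```

On the three rules from the message this yields two groups: DROP on its own, then MARK followed by RETURN.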