From: Phil Oester <kernel@linuxace.com>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>, netfilter-devel@vger.kernel.org
Subject: Re: [PATCH v2] iptables: allow service names in [DS]NAT targets
Date: Wed, 24 Jul 2013 17:17:12 -0700
Message-ID: <20130725001712.GA14675@linuxace.com>
In-Reply-To: <alpine.DEB.2.00.1307242308350.23361@blackhole.kfki.hu>

On Wed, Jul 24, 2013 at 11:11:48PM +0200, Jozsef Kadlecsik wrote:
> On Wed, 24 Jul 2013, Pablo Neira Ayuso wrote:
> > But this does not:
> >
> > --to-source 1.1.1.1-1.1.1.10:telnet-http
> > iptables v1.4.19.1: SNAT: Bad value for "--to" option:
> > "1.1.1.1-1.1.1.10:telnet-ssh"
> >
> > I think it should, for consistency (even if I have to confess that it
> > looks a bit ugly to me).
> >
> > If you decide to address this and send me a new version to support
> > this, then it would be also good to update the manpage to say that we
> > support services starting 1.4.20.
>
> That is still ambiguous - there are service names with dash. So I suggest
> to support the notation '[name-with-dash]' in order to explicitly express
> and handle such cases.

Or perhaps as an alternative, we don't allow more than one port if one
wishes to use service names? It seems the port parser is going to get so
complicated it will lead to bugs. Particularly since ip6tables uses [ ] for
addresses to disambiguate them from the :port section. Now we'd have to be
able to handle multiple [] arguments.

So these would be acceptable:

	:22-23
	:ssh
	:wap-push (port 2948)

this would not:

	:ssh-telnet

Phil
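The rule proposed in this message, sketched as an added example (not code from the patch, from the iptables source, or from anyone on the thread): numeric specs may be a range, while a non-numeric spec is always treated as exactly one service name, so a dash never has to be disambiguated. `parse_port_spec` and `lookup_service` are hypothetical names, the service table is constructed so the example runs without /etc/services, and service names that begin with a digit are not handled.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for /etc/services so the example runs offline;
 * real code would use getservbyname(3). */
static const struct { const char *name; int port; } services[] = {
    { "ssh", 22 }, { "telnet", 23 }, { "http", 80 }, { "wap-push", 2948 },
};

static int lookup_service(const char *name)
{
    for (size_t i = 0; i < sizeof(services) / sizeof(services[0]); i++)
        if (strcmp(services[i].name, name) == 0)
            return services[i].port;
    return -1;
}

/* Decimal port 1..65535 that must end exactly at `end`; -1 otherwise. */
static int parse_num(const char *s, const char *end)
{
    char *stop;
    long v;

    if (!isdigit((unsigned char)*s))
        return -1;
    v = strtol(s, &stop, 10);
    return (stop == end && v >= 1 && v <= 65535) ? (int)v : -1;
}

/* Hypothetical helper: parse the text after ':' into [*min, *max].
 * Returns 0 on success, -1 when the spec is rejected. */
int parse_port_spec(const char *spec, int *min, int *max)
{
    const char *end = spec + strlen(spec);
    const char *dash = strchr(spec, '-');

    if (isdigit((unsigned char)*spec)) {   /* numeric: N or N-M */
        *min = parse_num(spec, dash ? dash : end);
        *max = dash ? parse_num(dash + 1, end) : *min;
        return (*min < 0 || *max < 0 || *min > *max) ? -1 : 0;
    }
    /* Otherwise the whole string, dashes included, is one service name:
     * "wap-push" resolves, "ssh-telnet" fails the lookup. */
    *min = *max = lookup_service(spec);
    return *min < 0 ? -1 : 0;
}
```

Rejecting malformed specs outright, rather than guessing where a range splits, keeps a NAT rule from silently mapping to ports the administrator did not intend.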

Thread overview: 4+ messages
2013-07-08 16:46 [PATCH v2] iptables: allow service names in [DS]NAT targets Phil Oester
2013-07-24 19:00 ` Pablo Neira Ayuso
2013-07-24 21:11 ` Jozsef Kadlecsik
2013-07-25 0:17 ` Phil Oester [this message]