[PATCH] iptables-xml

Patrick McHardy kaber at trash.net
Tue Jul 17 17:10:47 CEST 2007


Amin Azez wrote:
> Attached are:
> 1. A man page for iptables-xml
> 
> 2. A fix for iptables.xslt allowing for an arbitrary depth of arguments
> or modifiers.
> 
> Although iptables-xml cannot generate more than two levels deep, xml
> generated by other systems may prefer to generate
> 
> <action>
>   <restore-mark>
>     <mask>0xff00</mask>
>   </restore-mark>
> </action>
> 
> than
> 
> <action>
>   <restore-mark/>
>    <mask>0xff00</mask>
> </action>
> 
> (which is what iptables-xml generates)
> even though the same iptables is re-generated on conversion.
> 
> 3. A fix for iptables-xml.c so that combining of consecutive targets of
> rules with the same match into one XML rule, will not combine over a
> terminating action; i.e. there is no point in converting
> 
> -A table -p tcp -j DROP
> -A table -p tcp -j MARK --set-mark 25
> -A table -p tcp -j RETURN
> 
> into one XML rule with multiple actions as they are probably not
> logically combined in the mind of the author.


I assume these changes are compatible with previous versions?
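The third item in the quoted list describes a grouping rule: consecutive rules in the same chain that share a match are folded into one XML rule with several actions, but the fold must not continue past a terminating target. The following Python is an added illustration of that rule, not code from iptables-xml.c or from the patch under discussion; the set of targets treated as terminating (ACCEPT, DROP, REJECT, RETURN, QUEUE) and the sample rule lines are assumptions made for the example.

```python
"""Added illustration of the grouping rule discussed in the thread: consecutive
rules with the same chain and match are folded into one logical rule carrying
several actions, but a rule is never folded into a group whose last action is
terminating, because the later rules are unreachable for a packet that hit it.
This is not iptables-xml's own code."""
import shlex

# Assumption for the illustration: targets after which no later rule in the
# chain is evaluated for the same packet.
TERMINATING_TARGETS = {"ACCEPT", "DROP", "REJECT", "RETURN", "QUEUE"}


def split_rule(line):
    """Split an iptables-save line '-A chain <match...> -j target [args]'
    into (chain, match_tokens, target_tokens); return None for other lines."""
    tokens = shlex.split(line)
    if len(tokens) < 2 or tokens[0] != "-A":
        return None
    chain = tokens[1]
    rest = tokens[2:]
    if "-j" in rest:
        j = rest.index("-j")
        return chain, tuple(rest[:j]), tuple(rest[j + 1:])
    # A rule without a target still counts as a rule with an empty action.
    return chain, tuple(rest), ()


def group_rules(lines):
    """Fold consecutive rules with identical chain and match into entries of
    the form (chain, match, [target_tokens, ...]).  The fold is broken by a
    change of chain or match, and by a terminating target in the group."""
    groups = []
    for line in lines:
        parsed = split_rule(line)
        if parsed is None:
            continue  # comments, table headers, policy lines, etc.
        chain, match, target = parsed
        if groups:
            prev_chain, prev_match, prev_targets = groups[-1]
            last_target = prev_targets[-1][0] if prev_targets[-1] else None
            same_match = (prev_chain, prev_match) == (chain, match)
            if same_match and last_target not in TERMINATING_TARGETS:
                prev_targets.append(target)
                continue
        groups.append((chain, match, [target]))
    return groups


# Constructed sample input, extending the thread's three-rule example with a
# second match whose two non-terminating actions do get folded together.
SAMPLE = [
    "# constructed sample, not a real ruleset",
    "-A table -p tcp -j DROP",
    "-A table -p tcp -j MARK --set-mark 25",
    "-A table -p tcp -j RETURN",
    "-A table -p udp -j MARK --set-mark 1",
    "-A table -p udp -j CONNMARK --save-mark",
]

if __name__ == "__main__":
    for chain, match, targets in group_rules(SAMPLE):
        print(chain, " ".join(match), "->", [" ".join(t) for t in targets])
```

Run as a script, the sample yields three groups rather than two: the DROP rule stands alone, MARK and RETURN for the same tcp match are folded together (RETURN is terminating but is the last action of its group, not a boundary crossed by a later rule), and the two udp actions become one group.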


