[Bug 790] New: Normalize iptables rules
bugzilla-daemon at bugzilla.netfilter.org
Fri May 25 11:46:11 CEST 2012
http://bugzilla.netfilter.org/show_bug.cgi?id=790
Summary: Normalize iptables rules
Product: iptables
Version: unspecified
Platform: All
OS/Version: RedHat Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: iptables-restore
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: tothandor at gmail.com
Estimated Hours: 0.0
Hello,
I wonder if you could add, e.g., a --test-save switch to iptables-restore
besides --test, to output a normalized form of iptables rules (like
iptables-save does).
It would really help to compare different sets of generated/human-written rules,
which is otherwise quite difficult, because rule-specification parameters can
vary.
There was discussion about this issue on GMane, but the suggested use of
iptables-xml does not help.
# diff -U0 ipt1.iptables ipt2.iptables
--- ipt1.iptables 2012-05-25 10:58:22.109505789 +0200
+++ ipt2.iptables 2012-05-25 11:03:16.965505418 +0200
@@ -9 +9 @@
--A INPUT -p tcp -m state --state NEW -m tcp -j ACCEPT --dport 23
+-A INPUT -p tcp -m state --state NEW -m tcp --dport 23 -j ACCEPT
# diff -U0 <(iptables-xml ipt1.iptables | xsltproc iptables.xslt -) <(iptables-xml ipt2.iptables | xsltproc iptables.xslt -)
--- /dev/fd/63 2012-05-25 11:40:14.656504904 +0200
+++ /dev/fd/62 2012-05-25 11:40:14.656504904 +0200
@@ -9 +9 @@
--A INPUT -p tcp -m state --state NEW -m tcp -j ACCEPT --dport 23
+-A INPUT -p tcp -m state --state NEW -m tcp --dport 23 -j ACCEPT
Tested on iptables version 1.4.7.
Bests,
Andor
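The normalization the report asks for can be approximated outside iptables. The following is an added example, not part of the bug report and not code from the iptables project: a small Python normalizer that parses iptables-save style rules, attaches each module-specific option (such as the stray `--dport 23` after `-j ACCEPT` above) to the match module that owns it, emits generic options in iptables-save's fixed order, and places the jump target last, so that two rule sets that differ only in argument order diff as identical. The option table `MATCH_OPTS`, the alias table, the ownership heuristic in `_owner`, and the sample rule sets `RULES_A`/`RULES_B`/`RULES_C` are all assumptions constructed for this example. Match modules are deliberately kept in their original order, because modules with side effects (`limit`, `recent`) are not order-independent.

```python
"""Canonicalise iptables-save style rules so textual diffs ignore argument order.
Added example for the bug report above; not iptables project code."""
import difflib
import shlex

# Generic (non-module) options, in the order iptables-save emits them.
GENERIC_ORDER = ["-s", "-d", "-i", "-o", "-p", "-f"]
GENERIC_OPTS = set(GENERIC_ORDER)

# Assumed subset of options understood by common match modules; extend as needed.
# Used to hand a stray option such as "--dport" (seen after "-j") to its owner.
MATCH_OPTS = {
    "tcp": {"--sport", "--dport", "--tcp-flags", "--syn", "--tcp-option"},
    "udp": {"--sport", "--dport"},
    "state": {"--state"},
    "conntrack": {"--ctstate", "--ctproto", "--ctorigsrc", "--ctorigdst"},
    "comment": {"--comment"},
    "limit": {"--limit", "--limit-burst"},
}
# Long spellings iptables accepts, mapped to the canonical short form.
ALIASES = {"--source-port": "--sport", "--destination-port": "--dport",
           "--source": "-s", "--destination": "-d", "--protocol": "-p",
           "--in-interface": "-i", "--out-interface": "-o", "--jump": "-j",
           "--match": "-m", "--fragment": "-f"}


def _tokenise(line):
    """Split a rule into (negated, option, values) triples.  A value runs up to
    the next option token or a '!' marker; assumes no value starts with '-'."""
    toks = shlex.split(line)
    items, i = [], 0
    while i < len(toks):
        neg = toks[i] == "!"
        if neg:
            i += 1
        opt = ALIASES.get(toks[i], toks[i])
        i += 1
        vals = []
        while i < len(toks) and toks[i] != "!" and not toks[i].startswith("-"):
            vals.append(toks[i])
            i += 1
        items.append((neg, opt, vals))
    return items


def _owner(opt, matches, proto, target):
    """Heuristic (assumed): the most recently loaded match listing the option owns
    it; else the protocol match, which iptables auto-loads for '-p'; else the
    target, if one has been seen; else the last match."""
    for _name, opts in reversed(matches):
        if opt in MATCH_OPTS.get(_name, ()):
            return opts
    if proto in MATCH_OPTS and opt in MATCH_OPTS[proto]:
        matches.append([proto, {}])
        return matches[-1][1]
    if target is not None:
        return target[2]
    if matches:
        return matches[-1][1]
    raise ValueError(f"option {opt} has no owner in rule")


def _fmt(opt, neg, vals):
    return (["!"] if neg else []) + [opt] + [shlex.quote(v) for v in vals]


def normalise(line):
    """Canonical text of one '-A' rule; other lines (*table, :chain, COMMIT)
    are returned stripped and unchanged."""
    line = line.strip()
    if not line.startswith("-A "):
        return line
    items = _tokenise(line)
    chain = items[0][2][0]
    generic, matches, target, proto = {}, [], None, None
    for neg, opt, vals in items[1:]:
        if opt in GENERIC_OPTS:
            generic[opt] = (neg, vals)
            if opt == "-p":
                proto = vals[0]
        elif opt == "-m":
            matches.append([vals[0], {}])
        elif opt in ("-j", "-g"):
            target = [opt, vals[0], {}]
        else:
            _owner(opt, matches, proto, target)[opt] = (neg, vals)
    out = ["-A", chain]
    for opt in GENERIC_ORDER:            # generic options in fixed order
        if opt in generic:
            out += _fmt(opt, *generic[opt])
    for name, opts in matches:           # matches keep original order
        out += ["-m", name]
        for opt in sorted(opts):         # options within a match sorted
            out += _fmt(opt, *opts[opt])
    if target is not None:               # jump target always last
        out += [target[0], target[1]]
        for opt in sorted(target[2]):
            out += _fmt(opt, *target[2][opt])
    return " ".join(out)


def normalise_ruleset(text):
    return [normalise(l) for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]


def ruleset_diff(text_a, text_b):
    """Unified diff of two rule sets after normalisation; [] means equivalent."""
    return list(difflib.unified_diff(normalise_ruleset(text_a), normalise_ruleset(text_b),
                                     fromfile="a", tofile="b", n=0, lineterm=""))


# Constructed sample rule sets: A and B differ only in argument order, C opens port 2222.
RULES_A = """*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -j ACCEPT --dport 23
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
"""
RULES_B = """*filter
:INPUT DROP [0:0]
-A INPUT -j ACCEPT -i lo
-A INPUT -p tcp -m state --state NEW -m tcp --dport 23 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""
RULES_C = RULES_B.replace("--dport 22 ", "--dport 2222 ")

if __name__ == "__main__":
    print("A vs B:", ruleset_diff(RULES_A, RULES_B) or "equivalent")
    print("\n".join(ruleset_diff(RULES_A, RULES_C)))
```

The ownership heuristic is the weak point: an option not listed in `MATCH_OPTS` that appears after `-j` is treated as a target option, so any match module whose options you rely on should be added to the table before trusting an "equivalent" result, and protocol numbers versus names (`-p 6` vs `-p tcp`) are not unified.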