[Bug 1236] Services list is confusingly different from the /etc/services
bugzilla-daemon at netfilter.org
Mon Mar 26 12:46:31 CEST 2018
https://bugzilla.netfilter.org/show_bug.cgi?id=1236
--- Comment #3 from Pablo Neira Ayuso <pablo at netfilter.org> ---
(In reply to Robin McCorkell from comment #2)
> While adding more standard services to the list would help, and the ability
> to define custom services is useful, it misses the point.
>
> As a new user of nftables coming from an iptables world, when I see a
> service name (e.g. 'domain') I expect that to be identical to /etc/services
> - as soon as there is *any* incompatibility I get frustrated. The service
> list used by nft should be /etc/services, not some custom internal table.
iptables-save doesn't use service names, and this is the preferred way to
save/restore/display rulesets these days.
> As long as a custom internal table is used, there will always be issues.
> Just use the system-provided services database via nsswitch.
These service lists are inconsistent under /etc/services from vendor to vendor,
hence moving one ruleset policy using service names from one Linux vendor to
another may break.
I understand there's a mind shift from iptables users, we're aiming to have
a self-contained scripting language in nftables.
I think defining variables for custom services should be good enough.
If there's any service name clearly wrong or the default/standard list of services
is missing anything important, we can make patches for this too, let us know if
that is the case :-)
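The portability concern raised in the reply above, and its suggestion to define variables for custom services, shown as an added example that is not part of the original message or of nftables. The two sample databases are constructed for illustration, and the function names and the `svc_` variable prefix are hypothetical.

```python
import re

# Constructed sample databases in /etc/services format; the differing
# entries are invented for illustration, not taken from any real vendor.
VENDOR_A = """\
domain        53/tcp
submission    587/tcp   msa     # alias only present here
backup-agent  9102/tcp
"""
VENDOR_B = """\
domain        53/tcp
submission    587/tcp
backup-agent  9103/tcp          # same name, different port
"""

def parse_services(text):
    """Map (name, proto) -> port, including aliases; comments are dropped."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue  # blank or malformed line
        port, proto = fields[1].split("/", 1)
        if not port.isdigit():
            continue
        for name in [fields[0]] + fields[2:]:
            table.setdefault((name, proto), int(port))
    return table

def portability_report(a, b):
    """Return {(name, proto): (port_a, port_b)} for entries that disagree.
    A port of None means the name does not resolve on that system."""
    return {k: (a.get(k), b.get(k))
            for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}

def nft_defines(names, table, proto="tcp"):
    """Pin names to numbers as nft variables: define svc_x = <port>."""
    lines = []
    for name in names:
        ident = "svc_" + re.sub(r"[^A-Za-z0-9_]", "_", name)
        lines.append(f"define {ident} = {table[(name, proto)]}")
    return lines

if __name__ == "__main__":
    a, b = parse_services(VENDOR_A), parse_services(VENDOR_B)
    for (name, proto), ports in portability_report(a, b).items():
        print(f"{name}/{proto}: A={ports[0]} B={ports[1]}")
    print("\n".join(nft_defines(["backup-agent", "submission"], a)))
```

The emitted `define` lines go at the top of the ruleset file and are referenced as `$svc_backup_agent`, for instance in `tcp dport $svc_backup_agent accept`, so the rule carries the same port number on every system it is loaded on.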