git.ipfire.org Git - thirdparty/iptables.git/commit

author	Sam Liddicott <azez@ufomechanic.net>
	Tue, 17 Jul 2007 17:02:04 +0000 (17:02 +0000)
committer	Patrick McHardy <kaber@trash.net>
	Tue, 17 Jul 2007 17:02:04 +0000 (17:02 +0000)
commit	8e52815a55692d657aeca7f8ecf656cd65dcfce0
tree	878bfcb064752ccc5b81211fff49daf6bf2fdb1c	tree \| snapshot
parent	115ce7a1c3cf65164a29597862ff099101ed8e95	commit \| diff

iptables-xml

Attached are:
1. A man page for iptables-xml

2. A fix for iptables.xslt allowing for an arbitrary depth of arguments
or modifiers.

Although iptables-xml cannot generate more than two levels deep, xml
generated by other systems may prefer to generate

<action>
  <restore-mark>
    <mask>0xff00</mask>
  </restore-mark>
</action>

than

<action>
  <restore-mark/>
   <mask>0xff00</mask>
</action>

(which is what iptables-xml generates)
even though the same iptables is re-generated on conversion.

3. A fix for iptables-xml.c so that combining of consecutive targets of
rules with the same match into one XML rule, will not combine over a
terminating action; i.e. there is no point in converting

-A table -p tcp -j DROP
-A table -p tcp -j MARK --set-mark 25
-A table -p tcp -j RETURN

into one XML rule with multiple actions as they are probably not
logically combined in the mind of the author.

Signed-off by: Sam Liddicott <azez@ufomechanic.net>

iptables-xml.8	[new file with mode: 0644]	blob
iptables-xml.c		diff \| blob \| blame \| history
iptables.xslt		diff \| blob \| blame \| history