On Wed, 26 Mar 2008 08:56:21 -0400 Michael DeHaan <mdehaan@xxxxxxxxxx> wrote: > -- Persistance (you mentioned this) > -- Support "save" to write stuff to /etc/sysconfig/iptables How this two should be different? I would like to be as much distro independent as it's possible (. I would like to call "/sbin/iptables-save" and store the result in appropriate place. This will be different in distros other than Fedora so i would like it to be configurable. What is the best (standard) way of handling this? > -- Possibly allow functions to take lists as well, so if you > wanted to add 10 different rules, it wouldn't be 10 calls. Could you give me an example of module doing that so i can see what exactly you mean? > I definitely like the option of being able to do REJECT instead of > DROP, since that plays nicer with external error > handling. This is easy. I could just clone "drop*" methods and change their names to "reject*", like this: func '*' call iptables reject_from 192.168.0.10 func '*' call iptables.port reject_to 80 192.168.0.10 > > Feel free to hack on it some more if you like, I'll commit it > whenever you're ready -- or we can go ahead and check > this version in now too. I would like to get some comments on the code and API of this module. Just quick look, maybe something could be done simpler/better? _______________________________________________ Func-list mailing list Func-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/func-list
