Re: [PATCHv6 iptables]Interface group match

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Lutz Jaenicke írta:
On Tue, Nov 20, 2007 at 02:14:28PM +0100, Laszlo Attila Toth wrote:
Interface group values can be checked on both input and output interfaces
with optional mask.

Index: extensions/libxt_ifgroup.c
===================================================================
--- extensions/libxt_ifgroup.c	(revision 0)
+++ extensions/libxt_ifgroup.c	(revision 0)

+		info->in_group = strtoul(optarg, &end, 0);

This is somewhat inconsistent with the iproute patch which targets
specific groups (with names).
Should iptables be allowed to read "/etc/iproute2/rt_ifgroup"?

It would be good but cannot be used if a mask is set and only values less than 256 can be used with names.

There is no standard API like getservbyname()...

The code of iproute2 should be copied. If Patrick says it is ok, I'll write this part.


I do have a draft patch for physdev which is however against
iptables-1.3.8 and linux-2.6.19 so it will need some more work
but I will attach it for discussion.

Thanks. I will send soon for net-2.6.25 and iptables svn version.

-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux