[announce] - Bash programmable completion for ip[6]tables

Hello,

I've written bash programmable completion (compspec) for ip[6]tables.
There is already completion code for iptables in the bash_completion package, but it is far less feature rich (just knows about the basic options). My version supports all options (except -4, -6), matches and targets by iptables v1.4.18. Plus some data is retrieved dynamically from the system (i.e. interface names) and IP and MAC addresses can be fed by file.

This is an alpha release and is available here:

http://sourceforge.net/projects/ipt-bashcompl/?source=navbar

mirror:
https://github.com/AllKind/iptables-bash_completion

Readme:
https://github.com/AllKind/iptables-bash_completion/blob/master/README.md

or:
http://sourceforge.net/p/ipt-bashcompl/code/ci/541c6a8b26b1acd1fb228b0a24e94256507451ab/tree/README.md


As by myself I only use and know about a subset of the features available, I extracted all information from the man page. Some things I could not resolve by that. I was hoping for the community and people from devel to help me fill the gaps. As I'm trying to make things as accurate as possible, showing only what is needed, when it is needed...

* AUDIT target - is it valid to audit 'drop' in the nat table? Doesn't the nat table forbid DROP?

* MASQUERADE/REDIRECT targets - the man page says --to-ports and --random are only valid for tcp/udp. What about dccp, sctp, udplite?

* MIRROR target - Is it valid in all or just the mangle table?

* TEE target - is it valid in all tables, commandline does not complain?

* connlimit match - is it valid in all tables? raw, nat?

* devgroup match - Can I retrieve a list of the device groups from the system? The only thing I found was a site at sf.net, not updated for years. I did not yet try to compile/install that piece of software.

* helper match - is there a way to retrieve all available helper names from the system? If not, maybe I should just list the ones available by now? And which are they, is there a doc somewhere listing them?

* mh match - list of named mh-types? `ip6tables -p ipv6-mh -h' does not display them, as the man page promises.

* osf match - What are the actual valid genre strings? Anybody knows or already did it, retrieve the valid genre strings dynamically, as they might change?

If somebody notices a match or target displayed for the wrong table, please inform me, so I can correct it.

I wasn't able to compile conntrack-tools yet, so CT targets timeout policies cannot be dynamically retrieved by now. If someone already coded that piece, let me know :)

Another feature of this completion is that in many cases it does validation of the user's input (i.e. when an integer value is expected) and refuses completion after invalid input.
I hope I made the checks correctly.
If somebody notices an error or has an idea what I've left out, let me know.
This input validation might interfere with variable/command substitution/glob completion. This issue is not resolved yet. I'm thinking of implementing an environment variable to turn input validation on/off. Variable/command substitution makes things very unpredictable (from the program's view), so I'm not sure if I should keep that feature at all.
Community feedback wanted...

I hope you like that piece of software and the design decisions I took.
Help, ideas, bug-reports, etc... are very much welcome.

Have a nice day!
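
The input validation described in the message (no completion after an invalid integer argument, a pass for unexpanded substitutions and globs, and a switch to turn the checks off) can look like the following. This is an added example, not code from the announced project; the function names, the `IPT_DEMO_VALIDATE` variable and the `ipt-demo` command name are assumptions.

```bash
#!/usr/bin/env bash
# Added example; every name below is hypothetical, not the project's code.

# Real connlimit options whose argument must be an unsigned integer.
_demo_int_opts='--connlimit-above --connlimit-mask'
# Words offered once the preceding argument has been accepted.
_demo_next='--connlimit-above --connlimit-mask --jump --protocol'

# Return 0 if $1 may stand as an integer argument.
_demo_valid_int() {
    # Assumed switch: IPT_DEMO_VALIDATE=0 turns all checks off.
    [[ ${IPT_DEMO_VALIDATE:-1} == 0 ]] && return 0
    # Substitutions and globs have no value until the shell expands them,
    # so they cannot be judged at completion time; let them pass.
    case $1 in
        *'$'*|*'`'*|*'*'*|*'?'*|*'['*) return 0 ;;
    esac
    [[ $1 =~ ^[0-9]+$ ]]
}

_demo_complete() {
    local cur=${COMP_WORDS[COMP_CWORD]} prev='' pprev=''
    (( COMP_CWORD >= 1 )) && prev=${COMP_WORDS[COMP_CWORD-1]}
    (( COMP_CWORD >= 2 )) && pprev=${COMP_WORDS[COMP_CWORD-2]}
    COMPREPLY=()
    # Cursor is on the integer itself: there is nothing to list.
    [[ " $_demo_int_opts " == *" $prev "* ]] && return 0
    # Previous word was an integer argument: offer nothing if it is invalid.
    if [[ " $_demo_int_opts " == *" $pprev "* ]] && ! _demo_valid_int "$prev"; then
        return 0
    fi
    mapfile -t COMPREPLY < <(compgen -W "$_demo_next" -- "$cur")
    return 0
}

# Bound to a made-up command so an installed iptables completion is untouched.
complete -F _demo_complete ipt-demo
```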