On 12 January 2014 21:17, Patrick McHardy <kaber@xxxxxxxxx> wrote: > On Sun, Jan 12, 2014 at 08:41:33PM +0100, Arturo Borrero Gonzalez wrote: >> Almost all shell uses the '>' character as a key for redirecting >> stdout/stderr to a file. >> So, using it in the syntax means that the administrator is forced to scape the >> character, or look for other workaround. >> >> With this patch, '=>' is replaced with '=:', thus avoiding such situation. > > I'm not opposed to this, but I like (despite the shell problematic) the => > syntax better, so I'd suggest to just add an alternative syntax. > > As further simplification, why not simply use ':'? Well, I also like using just ':' But maybe we clash with IPv6 addresses in some cases: nft add rule ip6 filter input ip6 saddr vmap { ::1 : accept , ::2 : drop } nft add rule ip6 filter input ip6 saddr vmap { ::1:accept , ::2:drop } nft add rule ip6 filter input meta dnat set tcp dport map { 80 : ::1, 8888 : ::2 } nft add rule ip6 filter input meta dnat set tcp dport map { 80:::1, 8888:::2 } what do you think? -- Arturo Borrero González -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html