On 12 January 2014 21:17, Patrick McHardy <kaber@xxxxxxxxx> wrote:
> On Sun, Jan 12, 2014 at 08:41:33PM +0100, Arturo Borrero Gonzalez wrote:
>> Almost all shell uses the '>' character as a key for redirecting
>> stdout/stderr to a file.
>> So, using it in the syntax means that the administrator is forced to scape the
>> character, or look for other workaround.
>>
>> With this patch, '=>' is replaced with '=:', thus avoiding such situation.
>
> I'm not opposed to this, but I like (despite the shell problematic) the =>
> syntax better, so I'd suggest to just add an alternative syntax.
>
> As further simplification, why not simply use ':'?
Well, I also like using just ':'
But maybe we clash with IPv6 addresses in some cases:
nft add rule ip6 filter input ip6 saddr vmap { ::1 : accept , ::2 : drop }
nft add rule ip6 filter input ip6 saddr vmap { ::1:accept , ::2:drop }
nft add rule ip6 filter input meta dnat set tcp dport map { 80 : ::1,
8888 : ::2 }
nft add rule ip6 filter input meta dnat set tcp dport map { 80:::1, 8888:::2 }
what do you think?
--
Arturo Borrero González
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
