On Friday 2015-08-07 13:07, Pablo Neira Ayuso wrote:
>On Wed, Jul 15, 2015 at 07:46:05PM +0200, Jan Engelhardt wrote:
>[...]
>> Printing it differently is a separate concern one can think about,
>> but with a separate patch. :-)
>
>Either way...
>
>Will you send me that follow up patch so I can get this applied?

When specifying e.g. "-m policy --dir in", the xt_policy kernel module
will indeed test for much more than just the direction, but the
additional tests it does on other fields are idempotent after all.

I oppose that idempotent expressions in rules, implicit or explicit,
shall lead to output when the ruleset is read back. A rule like

    -A INPUT -m policy --dir in

should not, by default, cause `iptables -S` to output a rule with
terms essentially irrelevant to the human reader.

    -A INPUT -m policy --dir in --reqid 0:4294967295 --spi 0:4294967295 proto 0 --mode 0 --tunnel-src 0.0.0.0/0 --tunnel-dst 0.0.0.0/0