On 02.03.2016 13:54, Pablo Neira Ayuso wrote:
On Wed, Mar 02, 2016 at 01:24:01PM +0100, Mart Frauenlob wrote:
On 02.03.2016 12:34, Pablo Neira Ayuso wrote:
On Thu, Feb 25, 2016 at 04:06:53PM +0100, Mart Frauenlob wrote:
[...]
One idea is to push into iptables some infrastructure so the script
can inquire iptables on available options. This would be simple C code
to be places on every extension to print the options. Then, add a tool
like iptables-completion that you can use to inquire what is possible
to get as options. Thus, we get a generic script that inquires
iptables, instead of having them all hardcoded into the script.
One more thing coming into my mind:
A new tool would not be backwards compatible.
While the shell completion could be used with old versions up to when
the -S parameter was introduced. When commenting out some unsupported
extensions in their definition array, it'll be suitable for vast parts.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
