Re: [Bug 1145] nft 0.7: expression.c:966: range_expr_value_low: Assertion '0' failed.

bugzilla-daemon@xxxxxxxxxxxxx <bugzilla-daemon@xxxxxxxxxxxxx> wrote:

[ Switching to email ]

> https://bugzilla.netfilter.org/show_bug.cgi?id=1145
> 
> --- Comment #1 from Ian Kumlien <ian.kumlien@xxxxxxxxx> ---
> Is there anything obvious that I'm doing wrong? Is there something else I could
> try?

This boils down to nested sets:

define dnat_host        = 10.1.2.3
define dnat_ports       = { 1234-1567 }

define port_allow = {
        53,             # dns
        $dnat_ports,    # dnat
}
define port_allow_tcp = {
        80,
        443,
        $port_allow
}
define port_allow_udp = {
        67, 68,         # dhcp
        123, 1027,      # ntp
        $port_allow
}

... which we don't support at the moment.

So, should we
a) expand/'inline' the sets?

(i.e. port_allow_tcp would contain
 1234-1567, 53, 80, 443)

b) support lookups within lookups?

This would be needed to support non-anonymous sets within sets.

or

c) never support this?  This would probably need some work on the parser
to be able to provide a clean error message rather than BUG() ...

Opinions?

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
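
Option (a) from the message above, as an added illustration that is not part of the original message and is not nft's code: a Python sketch that inlines nested `$variable` references from the quoted definitions into flat element lists and rejects a self-referencing definition with an error instead of an assertion failure. The regex-based parsing and the names `parse_defines` and `expand` are assumptions made for this example, and only brace-delimited port sets are handled.

```python
import re

# Input: the definitions quoted in the message above.
RULESET = """
define dnat_host        = 10.1.2.3
define dnat_ports       = { 1234-1567 }
define port_allow = {
        53,             # dns
        $dnat_ports,    # dnat
}
define port_allow_tcp = {
        80,
        443,
        $port_allow
}
define port_allow_udp = {
        67, 68,         # dhcp
        123, 1027,      # ntp
        $port_allow
}
"""

# Assumption for this sketch: only defines whose value is a { ... } set match.
DEFINE_RE = re.compile(r"define\s+(\w+)\s*=\s*\{([^}]*)\}")

def parse_defines(text):
    """Map each set-valued define to its raw elements (ports, ranges, $refs)."""
    text = re.sub(r"#[^\n]*", "", text)  # drop trailing comments
    return {name: [e.strip() for e in body.split(",") if e.strip()]
            for name, body in DEFINE_RE.findall(text)}

def expand(name, defines, stack=()):
    """Inline nested $refs; return a flat, de-duplicated list sorted by low port."""
    if name in stack:  # a set that (indirectly) contains itself
        raise ValueError("recursive define: " + " -> ".join(stack + (name,)))
    if name not in defines:
        raise ValueError("undefined set variable: $" + name)
    flat = []
    for elem in defines[name]:
        if elem.startswith("$"):
            flat.extend(expand(elem[1:], defines, stack + (name,)))
        else:
            flat.append(elem)
    return sorted(dict.fromkeys(flat), key=lambda e: int(e.split("-")[0]))

if __name__ == "__main__":
    sets = parse_defines(RULESET)
    for name in ("port_allow_tcp", "port_allow_udp"):
        print(name, "= {", ", ".join(expand(name, sets)), "}")
```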


