Re: iptables-save - suggest patch to add functionality

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> · Sun, 11 Mar 2018 21:57:36 +0100

Hi Alban,

On Tue, Jan 23, 2018 at 11:44:22AM +0100, Alban Vidal wrote:
> Package: iptables
> 
> Dear Maintainers,
>  
> Please find attached a suggest patch to add functionality in iptables-save.
> 
> -------------------------------------------------------------------------------
> 
> 1) Adding -z or --zero option: Reset to zero counters of the chains.
> 
> Example without:
> 
> iptables-save
> # Generated by iptables-save v1.6.1 on Tue Jan  9 21:42:51 2018
> *nat
> :PREROUTING ACCEPT [923:217673]
> :INPUT ACCEPT [309:97481]
> (...)
> 
> Example with:
> 
> iptables-save -z
> # Generated by iptables-save v1.6.1 on Tue Jan  9 21:42:26 2018
> *nat
> :PREROUTING ACCEPT [0:0]
> :INPUT ACCEPT [0:0]
> (...)

I have no objections to this -z feature, but better use -Z uppercase
instead, so we match it with the existing -Z in iptables that only
refers to chains too.

A single patch for this new feature is prefered.

> -------------------------------------------------------------------------------
> 
> 2) Adding -h or --help option: print help/usage (inspired by manpage)
> 
> Content:
> 
> iptables-save -h
> iptables-save and ip6tables-save are provides from iptables package — version 1.6.1
> 
> iptables-save and ip6tables-save are used to dump the contents of IP or IPv6 Table in easily parseable format to STDOUT. Use I/O-redirection provided by your shell to write to a file.
> 
> Usage: iptables-save  [-h] [-M modprobe] [-c] [-z] [-t table]
>        ip6tables-save [-h] [-M modprobe] [-c] [-z] [-t table]

Fine, but place this in a separated patch, no need for common file.
Don't bother about copy and paste.

Could you also update xtables-save BTW? This is the compat tool to
save iptables-compat listings from nftables.

> diff --git a/iptables/ip6tables-save.c b/iptables/ip6tables-save.c
> index 8e3a6afd..466ce0ce 100644
> --- a/iptables/ip6tables-save.c
> +++ b/iptables/ip6tables-save.c
> @@ -3,6 +3,8 @@
>   * Original code: iptables-save
>   * Authors: Paul 'Rusty' Russel <rusty@xxxxxxxxxxxxxxxx> and
>   *          Harald Welte <laforge@xxxxxxxxxxxx>
> + * Contributor: Alban Vidal <alban.vidal@xxxxxxxxxx>

These days, git already registers this, previous lines are just there
for historical reasons. So please, remove this.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html