On Wed, Jul 04, 2018 at 02:29:46PM +0200, Florian Westphal wrote:
> Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > Default not to print the service name as we discussed during the NFWS.
> >
> > # nft list ruleset
> > table ip x {
> >         chain y {
> >                 ...
> >                 tcp dport 22 counter packets 0 bytes 0
> >         }
> > }
> >
> > Still, if you want it to be displayed, you can pass -NN.
> >
> > # nft list ruleset -NN
> > table ip x {
> >         chain y {
> >                 ...
> >                 tcp dport ssh counter packets 0 bytes 0
> >         }
> > }
> >
> > Single -N still retains the same behaviour, ie. display FQDN. --ip2name
> > option is still left in place but the new --literal is preferred.
>
> Maybe add a --port2name instead?

I will add -l, so one single -l means display service names, and -ll
displays the service names + FQDN. I can also add two independent
options too, but probably too complicated for two things people should
not use.

> Or always print literal port, it's coming from internal list so no
> penalty (unlike e.g. reverse dns).
>
> Is this to discourage literal service names?

Yes, I think we agreed on this during the NFWS IIRC.