Hello,
I've written bash programmable completion (compspec) for ip[6]tables.
There is already completion code for iptables in the bash_completion
package, but it is far less feature rich (just knows about the basic
options).
My version supports all options (except -4, -6), matches and targets by
iptables v1.4.18. Plus some data is retrieved dynamically from the
system (i.e. interface names) and IP and MAC addresses can be feed by file.
This is an alpha release and is available here:
http://sourceforge.net/projects/ipt-bashcompl/?source=navbar
mirror:
https://github.com/AllKind/iptables-bash_completion
Readme:
https://github.com/AllKind/iptables-bash_completion/blob/master/README.md
or:
http://sourceforge.net/p/ipt-bashcompl/code/ci/541c6a8b26b1acd1fb228b0a24e94256507451ab/tree/README.md
As by myself I only use and know about a subset of the features
available, I extracted all information from the man page. Some things I
could not resolve by that. I was hoping for the community and people
from devel to help me fill the gaps. As I'm trying to make things as
accurate as possible, showing only what is needed, when it is needed...
* AUDIT target - is it valid to audit 'drop' in the nat table? Doesn't
the nat table forbid DROP?
* MASQUERADE/REDIRECT targets - the man page says --to-ports and
--random are only valid for tcp/udp. What about dccp, sctp, udplite?
* MIRROR target - Is it valid in all or just the mangle table?
* TEE target - is it valid in all tables, commandline does not complain?
* connlimit match - is it valid in all tables? raw, nat?
* devgroup match - Can I retrieve a list of the device groups from the
system? The only thing I found was a site at sf.net, not updated for
years. I did not yet try to compile/install that piece of software.
* helper match - is there a way to retrieve all available helper names
from the system? If not, maybe I should just list the ones available by
now? And which are they, is there a doc somewhere listing them?
* mh match - list of named mh-types? `ip6tables -p ipv6-mh -h' does not
display them, as the man page promises.
* osf match - What are the actual valid genre strings? Anybody knows or
already did it, retrieve the valid genre strings dynamically, as they
might change?
If somebody notices a match or target displayed for the wrong table,
please inform me, so I can correct it.
I wasn't able to compile conntrack-tools yet, so CT targets timeout
policies cannot be dynamically retrieved by now. If someone already
coded that piece, let me know :)
Another feature of this completion is, that in many cases it does
validation of users input (i.e. when an integer value is expected) and
refuses completion after invalid input.
I hope I made the checks correctly.
If somebody notices an error or has an idea what I've left out, let me know.
This input validation might interfere with variable/command
substitution/glob completion. This issue is not resolved yet. I'm
thinking of implementing an environment variable to turn input
validation on/off.
Variable/command substitution makes things very unpredictable (from the
programs view), so I'm not sure if I should keep that feature at all.
Community feedback wanted...
I hope you like that piece of software and the design desicions i took.
Help, ideas, bug-reports, etc... are very much welcome.
Have a nice day!
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html