Mail archive
alpine-devel

Re: [alpine-devel] [Patch] acf-iptables: fixing model

From: Ted Trask <ttrask01_at_yahoo.com>
Date: Wed, 11 Apr 2012 10:03:59 -0400

Ok, thanks for testing again. To make my life easier, can you send me an example of a statement that doesn't work? I'm definitely not an iptables expert, so I'm not aware of all of the possibilities. Thanks.

Ted

On Apr 11, 2012, at 9:40 AM, Der Tiger <der.tiger.alpine_at_arcor.de> wrote:

> ReHi Ted,
>
> The patch works nicely! So far I didn't encounter any more problems
> entering and editing data in the existing fields of the iptables GUI form.
>
> Due to the complexity of the iptables configuration not all possible
> options are represented in the form by dedicated field. For instance
> port REDIRECT statements in the nat table are not handled, so far.
> Unfortunately this causes the parameters to be thrown out, once the rule
> is edited, because the is no field in the form to hold the data.
>
> Therefore, I'd suggest to add an "Additional Options" field to the form,
> that is filled with all unrecognised fractions of the rule string in
> order to prevent those fractions from getting lost when the rule is saved.
>
> Regards, Tiger
>
> Am 2012-04-06 19:20, schrieb Ted Trask:
>> Thank you for the patch, and sorry for the long delay before properly
>> responding. Unfortunately, the bugs you found were not the only ones
>> present. I guess acf-iptables hadn't been tested in a while. Please
>> see http://git.alpinelinux.org/cgit/acf-iptables/commit/?id=ce765fba9cf9fd1c4b1981ab137df35c4b662b04
>> for the changes I committed. Please try using the file
>> http://git.alpinelinux.org/cgit/acf-iptables/tree/iptables-model.lua to
>> make sure I fixed your reported problems. Once I hear back from you,
>> I'll feel more confident in bumping the package version.
>>
>> Ted
>>
>> ------------------------------------------------------------------------
>> *From:* Der Tiger <der.tiger.alpine_at_arcor.de>
>> *To:* alpine-devel_at_lists.alpinelinux.org
>> *Sent:* Saturday, March 24, 2012 2:23 PM
>> *Subject:* [alpine-devel] [Patch] acf-iptables: fixing model
>>
>> Hi,
>>
>> There are two bugs causing the web interface to malfunction when either
>> a protocol selection is negated using a exclamation mark (!) or a
>> comment is entered in the appropriate field of the form.
>>
>> PLEASE, make sure removing the escaping of the spec string does not
>> cause problems with certain data entered in the form! So far, I had no
>> troubles while testing, because the fields are checked in
>> validate_rule(), anyway.
>>
>> Regards, Tiger
>>
>> --- /usr/share/acf/app/iptables/iptables-model.lua.orig
>> +++ /usr/share/acf/app/iptables/iptables-model.lua
>> _at_@ -147 +147 @@
>> - addparameter(rule.value.protocol.value, "-p")
>> + addparameter(rule.value.protocol.value, "-p", true)
>> _at_@ -520 +520 @@
>> - local cmd = path .. "iptables -t " ..
>> format.escapespecialcharacters(rule.value.table.value) .. " -R " ..
>> format.escapespecialcharacters(rule.value.chain.value) .. " " ..
>> format.escapespecialcharacters(rule.value.position.value) .. " " ..
>> format.escapespecialcharacters(spec) .. " 2>&1"
>> + local cmd = path .. "iptables -t " ..
>> format.escapespecialcharacters(rule.value.table.value) .. " -R " ..
>> format.escapespecialcharacters(rule.value.chain.value) .. " " ..
>> format.escapespecialcharacters(rule.value.position.value) .. " " .. spec
>> .. " 2>&1"
>>
>>
>>
>> ---
>> Unsubscribe: alpine-devel+unsubscribe_at_lists.alpinelinux.org
>> <mailto:unsubscribe_at_lists.alpinelinux.org>
>> Help: alpine-devel+help_at_lists.alpinelinux.org
>> <mailto:help_at_lists.alpinelinux.org>
>> ---
>>
>>
>>
>
>
> ---
> Unsubscribe: alpine-devel+unsubscribe_at_lists.alpinelinux.org
> Help: alpine-devel+help_at_lists.alpinelinux.org
> ---
>


---
Unsubscribe:  alpine-devel+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-devel+help_at_lists.alpinelinux.org
---
Received on Wed Apr 11 2012 - 10:03:59 UTC