Date: Wed, 11 Apr 2012 16:31:05 +0200
From: Der Tiger
To: Ted Trask
CC: alpine-devel@lists.alpinelinux.org
Subject: Re: [alpine-devel] [Patch] acf-iptables: fixing model

ReHi Ted,

Thanks for your prompt reply!

You'll find three example lines below. The first line loses '--to-ports 53', the second line can't be saved, because target TCPMSS requires the '--clamp-mss-to-pmtu' parameter, which gets lost when the rule is edited in the GUI. The third line, apart from the '-j LOG' directive, gets lost completely.

-A PREROUTING -s 192.168.0.0/16 -p udp -m comment --comment "Force DNS thru BIND" -j REDIRECT --to-ports 53
-A FORWARD -o ppp+ -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "PPP set MTU" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -m limit --limit 1/sec --limit-burst 3 -j LOG --log-prefix "fw-input-reject "

Regards, Tiger

On 2012-04-11 16:03, Ted Trask wrote:
> Ok, thanks for testing again. To make my life easier, can you send me an example of a statement that doesn't work? I'm definitely not an iptables expert, so I'm not aware of all of the possibilities. Thanks.
>
> Ted
>
> On Apr 11, 2012, at 9:40 AM, Der Tiger wrote:
>
>> ReHi Ted,
>>
>> The patch works nicely! So far I didn't encounter any more problems
>> entering and editing data in the existing fields of the iptables GUI form.
>>
>> Due to the complexity of the iptables configuration not all possible
>> options are represented in the form by a dedicated field.
>> For instance port REDIRECT statements in the nat table are not handled, so far.
>> Unfortunately this causes the parameters to be thrown out, once the rule
>> is edited, because there is no field in the form to hold the data.
>>
>> Therefore, I'd suggest to add an "Additional Options" field to the form,
>> that is filled with all unrecognised fractions of the rule string in
>> order to prevent those fractions from getting lost when the rule is saved.
>>
>> Regards, Tiger
>>
>> On 2012-04-06 19:20, Ted Trask wrote:
>>> Thank you for the patch, and sorry for the long delay before properly
>>> responding. Unfortunately, the bugs you found were not the only ones
>>> present. I guess acf-iptables hadn't been tested in a while. Please
>>> see http://git.alpinelinux.org/cgit/acf-iptables/commit/?id=ce765fba9cf9fd1c4b1981ab137df35c4b662b04
>>> for the changes I committed. Please try using the file
>>> http://git.alpinelinux.org/cgit/acf-iptables/tree/iptables-model.lua to
>>> make sure I fixed your reported problems. Once I hear back from you,
>>> I'll feel more confident in bumping the package version.
>>>
>>> Ted
>>>
>>> ------------------------------------------------------------------------
>>> *From:* Der Tiger
>>> *To:* alpine-devel@lists.alpinelinux.org
>>> *Sent:* Saturday, March 24, 2012 2:23 PM
>>> *Subject:* [alpine-devel] [Patch] acf-iptables: fixing model
>>>
>>> Hi,
>>>
>>> There are two bugs causing the web interface to malfunction when either
>>> a protocol selection is negated using an exclamation mark (!) or a
>>> comment is entered in the appropriate field of the form.
>>>
>>> PLEASE, make sure removing the escaping of the spec string does not
>>> cause problems with certain data entered in the form! So far, I had no
>>> troubles while testing, because the fields are checked in
>>> validate_rule(), anyway.
>>>
>>> Regards, Tiger
>>>
>>> --- /usr/share/acf/app/iptables/iptables-model.lua.orig >>> +++ /usr/share/acf/app/iptables/iptables-model.lua
>>> @@ -147 +147 @@ >>> - addparameter(rule.value.protocol.value, "-p") >>> + addparameter(rule.value.protocol.value, "-p", true) >>> @@ -520 +520 @@ >>> - local cmd = path .. "iptables -t " .. >>> format.escapespecialcharacters(rule.value.table.value) .. " -R " .. >>> format.escapespecialcharacters(rule.value.chain.value) .. " " .. >>> format.escapespecialcharacters(rule.value.position.value) .. " " .. >>> format.escapespecialcharacters(spec) .. " 2>&1" >>> + local cmd = path .. "iptables -t " .. >>> format.escapespecialcharacters(rule.value.table.value) .. " -R " .. >>> format.escapespecialcharacters(rule.value.chain.value) .. " " .. >>> format.escapespecialcharacters(rule.value.position.value) .. " " .. spec >>> .. " 2>&1" >>> >>> >>> >>> --- >>> Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org >>> >>> Help: alpine-devel+help@lists.alpinelinux.org >>> >>> --- >>> >>> >>> >> >> >> --- >> Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org >> Help: alpine-devel+help@lists.alpinelinux.org >> --- >> > --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---
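
Review bot: In the @@ -520 hunk, spec is now concatenated into the command unescaped while table, chain and position still go through format.escapespecialcharacters, and because the string ends in " 2>&1" it is interpreted by a shell, so any shell metacharacter that gets past validate_rule() in a form field (the free-text comment field in particular) becomes part of the command line. Rather than dropping the escape for the whole of spec, quote or escape each user-supplied value at the point where it is appended to spec, so that the option syntax that was being mangled (the "!" negation and the quoted comment) stays intact and the field contents stay inert. If validate_rule() is meant to be the only guard, say so in a comment next to this line and state which characters it rejects.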
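
The round trip asked for in the message at the top of this thread (an "Additional Options" field that keeps the unrecognised parts of a rule when it is edited and saved), as an added example that is not part of the thread and not acf-iptables code. It is written in Python rather than the project's Lua; the set of form fields, the names parse_rule and build_rule, and the iptables-save style input are assumptions.

```python
import shlex

# Options the hypothetical form has a dedicated field for (assumed set, one value each).
FORM_FIELDS = ("-s", "-d", "-i", "-o", "-p")

# Constructed sample input: the three rules quoted in the message above.
SAMPLES = [
    '-A PREROUTING -s 192.168.0.0/16 -p udp -m comment --comment "Force DNS thru BIND" -j REDIRECT --to-ports 53',
    '-A FORWARD -o ppp+ -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "PPP set MTU" -j TCPMSS --clamp-mss-to-pmtu',
    '-A FORWARD -m limit --limit 1/sec --limit-burst 3 -j LOG --log-prefix "fw-input-reject "',
]

def parse_rule(line):
    """Split one iptables-save style rule into form fields plus preserved leftovers."""
    tok = shlex.split(line)
    if len(tok) < 2 or tok[0] != "-A":
        raise ValueError("expected '-A <chain> ...'")
    rule = {"chain": tok[1], "fields": {}, "comment": None, "target": None,
            "match_extra": [], "target_extra": []}
    q = tok[2:]
    while q:
        t = q.pop(0)
        if rule["target"] is not None:          # after -j: options of the target
            rule["target_extra"].append(t)
        elif t == "!" and len(q) > 1 and q[0] in FORM_FIELDS:
            opt = q.pop(0)                      # negated form field, e.g. "! -p tcp"
            rule["fields"][opt] = ["!", opt, q.pop(0)]
        elif t in FORM_FIELDS and q:
            rule["fields"][t] = [t, q.pop(0)]
        elif t == "-j" and q:
            rule["target"] = q.pop(0)
        elif t == "-m" and q and q[0] == "comment":
            q.pop(0)                            # re-emitted by build_rule()
        elif t == "--comment" and q:
            rule["comment"] = q.pop(0)
        else:                                   # unrecognised: keep, in original order
            rule["match_extra"].append(t)
    return rule

def build_rule(rule):
    """Re-assemble the rule; nothing is dropped and every token is shell-quoted."""
    out = ["-A", rule["chain"]]
    out += [t for opt in FORM_FIELDS for t in rule["fields"].get(opt, [])]
    out += rule["match_extra"]
    if rule["comment"] is not None:
        out += ["-m", "comment", "--comment", rule["comment"]]
    if rule["target"] is not None:
        out += ["-j", rule["target"]] + rule["target_extra"]
    return " ".join(shlex.quote(t) for t in out)
```

Match options that precede -j and target options that follow it are kept in separate lists because their position relative to -j is significant; quoting each token on output lets the comment text contain spaces or shell metacharacters without changing the command.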