diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-07-03 17:24:05 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-07-07 20:53:11 +0200 |
commit | b0f6a45b25dd1b8e4ab0e3b2dd2a00d918ae29c0 (patch) | |
tree | d2d457d0b8384aee1f7a6d176c21ec9cf8814db6 /doc/libnftables.adoc | |
parent | 1dc9be8445265498a2db534ae254260b6e7dd75b (diff) |
src: add --literal option
Default not to print the service name as we discussed during the NFWS.
# nft list ruleset
table ip x {
chain y {
tcp dport 22
ip saddr 1.1.1.1
}
}
# nft -l list ruleset
table ip x {
chain y {
tcp dport ssh
ip saddr 1.1.1.1
}
}
# nft -ll list ruleset
table ip x {
chain y {
tcp dport 22
ip saddr 1dot1dot1dot1.cloudflare-dns.com
}
}
Then, -ll displays FQDN. just like the (now deprecated) --ip2name (-N)
option.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc/libnftables.adoc')
-rw-r--r-- | doc/libnftables.adoc | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/doc/libnftables.adoc b/doc/libnftables.adoc index adfc9420..0387652f 100644 --- a/doc/libnftables.adoc +++ b/doc/libnftables.adoc @@ -25,8 +25,8 @@ void nft_ctx_output_set_numeric(struct nft_ctx* '\*ctx'*, bool nft_ctx_output_get_stateless(struct nft_ctx* '\*ctx'*); void nft_ctx_output_set_stateless(struct nft_ctx* '\*ctx'*, bool* 'val'*); -bool nft_ctx_output_get_ip2name(struct nft_ctx* '\*ctx'*); -void nft_ctx_output_set_ip2name(struct nft_ctx* '\*ctx'*, bool* 'val'*); +enum nft_literal_level nft_ctx_output_get_literal(struct nft_ctx* '\*ctx'*); +void nft_ctx_output_set_literal(struct nft_ctx* '\*ctx'*, bool* 'val'*); unsigned int nft_ctx_output_get_debug(struct nft_ctx* '\*ctx'*); void nft_ctx_output_set_debug(struct nft_ctx* '\*ctx'*, unsigned int* 'mask'*); @@ -133,14 +133,14 @@ The *nft_ctx_output_get_stateless*() function returns the stateless output setti The *nft_ctx_output_set_stateless*() function sets the stateless output setting in 'ctx' to the value of 'val'. -=== nft_ctx_output_get_ip2name() and nft_ctx_output_set_ip2name() -The ip2name setting controls whether reverse DNS lookups are performed for IP addresses when printing them. +=== nft_ctx_output_get_literal() and nft_ctx_output_set_literal() +The literal setting controls whether reverse DNS lookups are performed for IP addresses when printing them. Note that this may add significant delay to *list* commands depending on DNS resolver speed. -The default setting is *false*. +The default setting is *NFT_LITERAL_NONE*. -The *nft_ctx_output_get_ip2name*() function returns the ip2name output setting's value in 'ctx'. +The *nft_ctx_output_get_literal*() function returns the literal output setting's value in 'ctx'. -The *nft_ctx_output_set_ip2name*() function sets the ip2name output setting in 'ctx' to the value of 'val'. +The *nft_ctx_output_set_literal*() function sets the literal output setting in 'ctx' to the value of 'val'. === nft_ctx_output_get_debug() and nft_ctx_output_set_debug() Libnftables supports separate debugging of different parts of its internals. |