diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-07-03 17:24:05 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-07-07 20:53:11 +0200 |
commit | b0f6a45b25dd1b8e4ab0e3b2dd2a00d918ae29c0 (patch) | |
tree | d2d457d0b8384aee1f7a6d176c21ec9cf8814db6 /include/nftables | |
parent | 1dc9be8445265498a2db534ae254260b6e7dd75b (diff) |
src: add --literal option
Default not to print the service name as we discussed during the NFWS.
# nft list ruleset
table ip x {
chain y {
tcp dport 22
ip saddr 1.1.1.1
}
}
# nft -l list ruleset
table ip x {
chain y {
tcp dport ssh
ip saddr 1.1.1.1
}
}
# nft -ll list ruleset
table ip x {
chain y {
tcp dport 22
ip saddr 1dot1dot1dot1.cloudflare-dns.com
}
}
Then, -ll displays FQDN. just like the (now deprecated) --ip2name (-N)
option.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/nftables')
-rw-r--r-- | include/nftables/libnftables.h | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/include/nftables/libnftables.h b/include/nftables/libnftables.h index 13ec3927..dee099f2 100644 --- a/include/nftables/libnftables.h +++ b/include/nftables/libnftables.h @@ -33,6 +33,12 @@ enum nft_numeric_level { NFT_NUMERIC_ALL, }; +enum nft_literal_level { + NFT_LITERAL_NONE, + NFT_LITERAL_PORT, + NFT_LITERAL_ADDR, +}; + /** * Possible flags to pass to nft_ctx_new() */ @@ -47,8 +53,8 @@ enum nft_numeric_level nft_ctx_output_get_numeric(struct nft_ctx *ctx); void nft_ctx_output_set_numeric(struct nft_ctx *ctx, enum nft_numeric_level level); bool nft_ctx_output_get_stateless(struct nft_ctx *ctx); void nft_ctx_output_set_stateless(struct nft_ctx *ctx, bool val); -bool nft_ctx_output_get_ip2name(struct nft_ctx *ctx); -void nft_ctx_output_set_ip2name(struct nft_ctx *ctx, bool val); +enum nft_literal_level nft_ctx_output_get_literal(struct nft_ctx *ctx); +void nft_ctx_output_set_literal(struct nft_ctx *ctx, enum nft_literal_level val); unsigned int nft_ctx_output_get_debug(struct nft_ctx *ctx); void nft_ctx_output_set_debug(struct nft_ctx *ctx, unsigned int mask); bool nft_ctx_output_get_handle(struct nft_ctx *ctx); |