diff options
| author | Sam Liddicott <azez@ufomechanic.net> | 2007-07-17 17:02:04 +0000 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2007-07-17 17:02:04 +0000 |
| commit | 8e52815a55692d657aeca7f8ecf656cd65dcfce0 (patch) | |
| tree | 878bfcb064752ccc5b81211fff49daf6bf2fdb1c /iptables.xslt | |
| parent | 115ce7a1c3cf65164a29597862ff099101ed8e95 (diff) | |
iptables-xml
Attached are:
1. A man page for iptables-xml
2. A fix for iptables.xslt allowing for an arbitrary depth of arguments
or modifiers.
Although iptables-xml cannot generate more than two levels deep, xml
generated by other systems may prefer to generate
<action>
<restore-mark>
<mask>0xff00</mask>
</restore-mark>
</action>
than
<action>
<restore-mark/>
<mask>0xff00</mask>
</action>
(which is what iptables-xml generates)
even though the same iptables is re-generated on conversion.
3. A fix for iptables-xml.c so that combining of consecutive targets of
rules with the same match into one XML rule, will not combine over a
terminating action; i.e. there is no point in converting
-A table -p tcp -j DROP
-A table -p tcp -j MARK --set-mark 25
-A table -p tcp -j RETURN
into one XML rule with multiple actions as they are probably not
logically combined in the mind of the author.
Signed-off by: Sam Liddicott <azez@ufomechanic.net>
Diffstat (limited to 'iptables.xslt')
| -rw-r--r-- | iptables.xslt | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/iptables.xslt b/iptables.xslt index 4cf84191..07cec19c 100644 --- a/iptables.xslt +++ b/iptables.xslt @@ -44,7 +44,7 @@ </xsl:template> <!-- all child action nodes --> - <xsl:template match="iptables-rules/table/chain/rule/actions/*/*|iptables-rules/table/chain/rule/actions/*//*|iptables-rules/table/chain/rule/conditions/*/*|iptables-rules/table/chain/rule/conditions/*//*"> + <xsl:template match="iptables-rules/table/chain/rule/actions//*|iptables-rules/table/chain/rule/conditions//*" priority="0"> <xsl:if test="@invert=1"><xsl:text> !</xsl:text></xsl:if> <xsl:text> -</xsl:text> <!-- if length of name is 1 character, then only do 1 - not 2 --> @@ -52,7 +52,8 @@ <xsl:text>-</xsl:text> </xsl:if> <xsl:value-of select="name()"/> - <xsl:text> </xsl:text><xsl:value-of select="."/> + <xsl:text> </xsl:text> + <xsl:apply-templates select="node()"/> </xsl:template> <xsl:template match="iptables-rules/table/chain/rule/actions/call/*|iptables-rules/table/chain/rule/actions/goto/*"> |