Due to iptables commit 945353a2 (in iptables v1.4.20 and higher), ip6tables
no longer prints out /128. This patch removes /128 from output files, and
replaces '/128' in command output with ' ' to remain compatible with
older versions of ip6tables.
---
scripts/nwfilter/nwfilterxml2fwallout/ah-ipv6-test.fwall | 24
+++++++++++-----------
scripts/nwfilter/nwfilterxml2fwallout/all-ipv6-test.fwall | 24
+++++++++++-----------
scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall | 12 +++++------
scripts/nwfilter/nwfilterxml2fwallout/esp-ipv6-test.fwall | 24
+++++++++++-----------
scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall | 12 +++++------
scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall | 14 ++++++-------
scripts/nwfilter/nwfilterxml2fwallout/sctp-ipv6-test.fwall | 24
+++++++++++-----------
scripts/nwfilter/nwfilterxml2fwallout/tcp-ipv6-test.fwall | 24
+++++++++++-----------
scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall | 24
+++++++++++-----------
scripts/nwfilter/nwfilterxml2fwallout/udplite-ipv6-test.fwall | 24
+++++++++++-----------
10 files changed, 103 insertions(+), 103 deletions(-)
diff --git a/scripts/nwfilter/nwfilterxml2fwallout/ah-ipv6-test.fwall
b/scripts/nwfilter/nwfilterxml2fwallout/ah-ipv6-test.fwall
index 8c10b04..64db89d 100644
--- a/scripts/nwfilter/nwfilterxml2fwallout/ah-ipv6-test.fwall
+++ b/scripts/nwfilter/nwfilterxml2fwallout/ah-ipv6-test.fwall
@@ -1,21 +1,21 @@
-#ip6tables -L FI-vnet0 -n
+#ip6tables -L FI-vnet0 -n | sed 's/\/128/ /'
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN ah f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP
match 0x02state NEW,ESTABLISHED ctdir REPLY
-RETURN ah ::/0 a:b:c::/128 DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
-RETURN ah ::/0 ::10.1.2.3/128 DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
-#ip6tables -L FO-vnet0 -n
+RETURN ah f:e:d::c:b:a/127 a:b:c::d:e:f MAC 01:02:03:04:05:06 DSCP
match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN ah ::/0 a:b:c:: DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
+RETURN ah ::/0 ::10.1.2.3 DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
+#ip6tables -L FO-vnet0 -n | sed 's/\/128/ /'
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT ah a:b:c::d:e:f/128 f:e:d::c:b:a/127 DSCP match 0x02state
ESTABLISHED ctdir ORIGINAL
-ACCEPT ah a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x21state NEW,ESTABLISHED ctdir REPLY
-ACCEPT ah ::10.1.2.3/128 ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x21state NEW,ESTABLISHED ctdir REPLY
-#ip6tables -L HI-vnet0 -n
+ACCEPT ah a:b:c::d:e:f f:e:d::c:b:a/127 DSCP match 0x02state
ESTABLISHED ctdir ORIGINAL
+ACCEPT ah a:b:c:: ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT ah ::10.1.2.3 ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x21state NEW,ESTABLISHED ctdir REPLY
+#ip6tables -L HI-vnet0 -n | sed 's/\/128/ /'
Chain HI-vnet0 (1 references)
target prot opt source destination
-RETURN ah f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP
match 0x02state NEW,ESTABLISHED ctdir REPLY
-RETURN ah ::/0 a:b:c::/128 DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
-RETURN ah ::/0 ::10.1.2.3/128 DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
+RETURN ah f:e:d::c:b:a/127 a:b:c::d:e:f MAC 01:02:03:04:05:06 DSCP
match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN ah ::/0 a:b:c:: DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
+RETURN ah ::/0 ::10.1.2.3 DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
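Review bot: The added `sed 's/\/128/ /'` on the `#ip6tables -L FI-vnet0 -n`, `FO-vnet0` and `HI-vnet0` command lines has no `g` flag, so it rewrites only the first `/128` on each output line. On an ip6tables older than v1.4.20, a rule whose source and destination are both host addresses would keep its second `/128` and no longer match the expected output. No rule in this hunk has two `/128` fields, so the fixture passes as written, but `sed 's/\/128/ /g'` would make the normalisation hold for such rules too. The same command is added in the other nine `.fwall` hunks of this patch.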
diff --git a/scripts/nwfilter/nwfilterxml2fwallout/all-ipv6-test.fwall
b/scripts/nwfilter/nwfilterxml2fwallout/all-ipv6-test.fwall
index f053b39..c56b85a 100644
--- a/scripts/nwfilter/nwfilterxml2fwallout/all-ipv6-test.fwall
+++ b/scripts/nwfilter/nwfilterxml2fwallout/all-ipv6-test.fwall
@@ -1,21 +1,21 @@
-#ip6tables -L FI-vnet0 -n
+#ip6tables -L FI-vnet0 -n | sed 's/\/128/ /'
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN all f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP
match 0x02state NEW,ESTABLISHED ctdir REPLY
-RETURN all ::/0 a:b:c::/128 DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
-RETURN all ::/0 ::10.1.2.3/128 DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
-#ip6tables -L FO-vnet0 -n
+RETURN all f:e:d::c:b:a/127 a:b:c::d:e:f MAC 01:02:03:04:05:06 DSCP
match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN all ::/0 a:b:c:: DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
+RETURN all ::/0 ::10.1.2.3 DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
+#ip6tables -L FO-vnet0 -n | sed 's/\/128/ /'
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT all a:b:c::d:e:f/128 f:e:d::c:b:a/127 DSCP match 0x02state
ESTABLISHED ctdir ORIGINAL
-ACCEPT all a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x21state NEW,ESTABLISHED ctdir REPLY
-ACCEPT all ::10.1.2.3/128 ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x21state NEW,ESTABLISHED ctdir REPLY
-#ip6tables -L HI-vnet0 -n
+ACCEPT all a:b:c::d:e:f f:e:d::c:b:a/127 DSCP match 0x02state
ESTABLISHED ctdir ORIGINAL
+ACCEPT all a:b:c:: ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT all ::10.1.2.3 ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x21state NEW,ESTABLISHED ctdir REPLY
+#ip6tables -L HI-vnet0 -n | sed 's/\/128/ /'
Chain HI-vnet0 (1 references)
target prot opt source destination
-RETURN all f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP
match 0x02state NEW,ESTABLISHED ctdir REPLY
-RETURN all ::/0 a:b:c::/128 DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
-RETURN all ::/0 ::10.1.2.3/128 DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
+RETURN all f:e:d::c:b:a/127 a:b:c::d:e:f MAC 01:02:03:04:05:06 DSCP
match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN all ::/0 a:b:c:: DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
+RETURN all ::/0 ::10.1.2.3 DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
diff --git a/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
b/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
index 038d2cb..32c5078 100644
--- a/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
+++ b/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
@@ -28,24 +28,24 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
--physdev-is-bridged
-#ip6tables -L FI-vnet0 -n
+#ip6tables -L FI-vnet0 -n | sed 's/\/128/ /'
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN tcp ::/0 a:b:c::/128 DSCP match 0x39 tcp
spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL/* tcp/ipv6 rule */
+RETURN tcp ::/0 a:b:c:: DSCP match 0x39 tcp
spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL/* tcp/ipv6 rule */
RETURN udp ::/0 ::/0 state ESTABLISHED ctdir
ORIGINAL/* `ls`;${COLUMNS};$(ls);"test";&'3 spaces' */
RETURN sctp ::/0 ::/0 state ESTABLISHED ctdir
ORIGINAL/* comment with lone ', `, ", `, \, $x, and two spaces */
RETURN ah ::/0 ::/0 state ESTABLISHED ctdir
ORIGINAL/* tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */
-#ip6tables -L FO-vnet0 -n
+#ip6tables -L FO-vnet0 -n | sed 's/\/128/ /'
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x39 tcp spts:32:33 dpts:256:4369 state NEW,ESTABLISHED ctdir REPLY/* tcp/ipv6 rule
*/
+ACCEPT tcp a:b:c:: ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x39 tcp spts:32:33 dpts:256:4369 state NEW,ESTABLISHED ctdir REPLY/* tcp/ipv6 rule
*/
ACCEPT udp ::/0 ::/0 state NEW,ESTABLISHED ctdir
REPLY/* `ls`;${COLUMNS};$(ls);"test";&'3 spaces' */
ACCEPT sctp ::/0 ::/0 state NEW,ESTABLISHED ctdir
REPLY/* comment with lone ', `, ", `, \, $x, and two spaces */
ACCEPT ah ::/0 ::/0 state NEW,ESTABLISHED ctdir
REPLY/* tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */
-#ip6tables -L HI-vnet0 -n
+#ip6tables -L HI-vnet0 -n | sed 's/\/128/ /'
Chain HI-vnet0 (1 references)
target prot opt source destination
-RETURN tcp ::/0 a:b:c::/128 DSCP match 0x39 tcp
spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL/* tcp/ipv6 rule */
+RETURN tcp ::/0 a:b:c:: DSCP match 0x39 tcp
spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL/* tcp/ipv6 rule */
RETURN udp ::/0 ::/0 state ESTABLISHED ctdir
ORIGINAL/* `ls`;${COLUMNS};$(ls);"test";&'3 spaces' */
RETURN sctp ::/0 ::/0 state ESTABLISHED ctdir
ORIGINAL/* comment with lone ', `, ", `, \, $x, and two spaces */
RETURN ah ::/0 ::/0 state ESTABLISHED ctdir
ORIGINAL/* tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */
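Review bot: The `/128` pattern in the added `sed 's/\/128/ /'` is not tied to the source and destination columns, and in this file the filtered lines also carry free-form rule comments such as `/* tcp/ipv6 rule */`. A comment containing `/128` would be rewritten before the comparison on old and new ip6tables alike, so the fixture would no longer check the comment text byte for byte. None of the comments exercised here contains that string, so this is latent. A pattern that also requires the following whitespace, for example `sed 's/\/128 / /g'`, would narrow it, provided older ip6tables always pads after the address, which should be confirmed. The hunk starts at line 28 of the file, so the earlier part of the fixture is not visible here.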
diff --git a/scripts/nwfilter/nwfilterxml2fwallout/esp-ipv6-test.fwall
b/scripts/nwfilter/nwfilterxml2fwallout/esp-ipv6-test.fwall
index dbdaa36..cf3faaa 100644
--- a/scripts/nwfilter/nwfilterxml2fwallout/esp-ipv6-test.fwall
+++ b/scripts/nwfilter/nwfilterxml2fwallout/esp-ipv6-test.fwall
@@ -1,21 +1,21 @@
-#ip6tables -L FI-vnet0 -n
+#ip6tables -L FI-vnet0 -n | sed 's/\/128/ /'
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN esp f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP
match 0x02state NEW,ESTABLISHED ctdir REPLY
-RETURN esp ::/0 a:b:c::/128 DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
-RETURN esp ::/0 ::10.1.2.3/128 DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
-#ip6tables -L FO-vnet0 -n
+RETURN esp f:e:d::c:b:a/127 a:b:c::d:e:f MAC 01:02:03:04:05:06 DSCP
match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN esp ::/0 a:b:c:: DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
+RETURN esp ::/0 ::10.1.2.3 DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
+#ip6tables -L FO-vnet0 -n | sed 's/\/128/ /'
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT esp a:b:c::d:e:f/128 f:e:d::c:b:a/127 DSCP match 0x02state
ESTABLISHED ctdir ORIGINAL
-ACCEPT esp a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x21state NEW,ESTABLISHED ctdir REPLY
-ACCEPT esp ::10.1.2.3/128 ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x21state NEW,ESTABLISHED ctdir REPLY
-#ip6tables -L HI-vnet0 -n
+ACCEPT esp a:b:c::d:e:f f:e:d::c:b:a/127 DSCP match 0x02state
ESTABLISHED ctdir ORIGINAL
+ACCEPT esp a:b:c:: ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT esp ::10.1.2.3 ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x21state NEW,ESTABLISHED ctdir REPLY
+#ip6tables -L HI-vnet0 -n | sed 's/\/128/ /'
Chain HI-vnet0 (1 references)
target prot opt source destination
-RETURN esp f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP
match 0x02state NEW,ESTABLISHED ctdir REPLY
-RETURN esp ::/0 a:b:c::/128 DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
-RETURN esp ::/0 ::10.1.2.3/128 DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
+RETURN esp f:e:d::c:b:a/127 a:b:c::d:e:f MAC 01:02:03:04:05:06 DSCP
match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN esp ::/0 a:b:c:: DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
+RETURN esp ::/0 ::10.1.2.3 DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 |tr -s " "
diff --git a/scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall
b/scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall
index 2ed979e..0aaa50c 100644
--- a/scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall
+++ b/scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall
@@ -28,18 +28,18 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
--physdev-is-bridged
-#ip6tables -L FI-vnet0 -n
+#ip6tables -L FI-vnet0 -n | sed 's/\/128/ /'
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN tcp ::/0 a:b:c::/128 DSCP match 0x39 tcp
spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL
-#ip6tables -L FO-vnet0 -n
+RETURN tcp ::/0 a:b:c:: DSCP match 0x39 tcp
spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL
+#ip6tables -L FO-vnet0 -n | sed 's/\/128/ /'
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x39 tcp spts:32:33 dpts:256:4369 state NEW,ESTABLISHED ctdir REPLY
-#ip6tables -L HI-vnet0 -n
+ACCEPT tcp a:b:c:: ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x39 tcp spts:32:33 dpts:256:4369 state NEW,ESTABLISHED ctdir REPLY
+#ip6tables -L HI-vnet0 -n | sed 's/\/128/ /'
Chain HI-vnet0 (1 references)
target prot opt source destination
-RETURN tcp ::/0 a:b:c::/128 DSCP match 0x39 tcp
spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL
+RETURN tcp ::/0 a:b:c:: DSCP match 0x39 tcp
spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-in vnet0
#ip6tables -L libvirt-in -n | grep vnet0 | tr -s " "
diff --git a/scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall
b/scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall
index 4749f84..b25a0e7 100644
--- a/scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall
+++ b/scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall
@@ -1,16 +1,16 @@
-#ip6tables -L FI-vnet0 -n
+#ip6tables -L FI-vnet0 -n | sed 's/\/128/ /'
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN icmpv6 f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP
match 0x02ipv6-icmp type 12 code 11 state NEW,ESTABLISHED
-#ip6tables -L FO-vnet0 -n
+RETURN icmpv6 f:e:d::c:b:a/127 a:b:c::d:e:f MAC 01:02:03:04:05:06 DSCP
match 0x02ipv6-icmp type 12 code 11 state NEW,ESTABLISHED
+#ip6tables -L FO-vnet0 -n | sed 's/\/128/ /'
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT icmpv6 a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x21ipv6-icmp type 255 code 255 state NEW,ESTABLISHED
-ACCEPT icmpv6 ::10.1.2.3/128 ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x21ipv6-icmp type 255 code 255 state NEW,ESTABLISHED
-#ip6tables -L HI-vnet0 -n
+ACCEPT icmpv6 a:b:c:: ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x21ipv6-icmp type 255 code 255 state NEW,ESTABLISHED
+ACCEPT icmpv6 ::10.1.2.3 ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x21ipv6-icmp type 255 code 255 state NEW,ESTABLISHED
+#ip6tables -L HI-vnet0 -n | sed 's/\/128/ /'
Chain HI-vnet0 (1 references)
target prot opt source destination
-RETURN icmpv6 f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP
match 0x02ipv6-icmp type 12 code 11 state NEW,ESTABLISHED
+RETURN icmpv6 f:e:d::c:b:a/127 a:b:c::d:e:f MAC 01:02:03:04:05:06 DSCP
match 0x02ipv6-icmp type 12 code 11 state NEW,ESTABLISHED
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
diff --git a/scripts/nwfilter/nwfilterxml2fwallout/sctp-ipv6-test.fwall
b/scripts/nwfilter/nwfilterxml2fwallout/sctp-ipv6-test.fwall
index 40d51f7..90c2284 100644
--- a/scripts/nwfilter/nwfilterxml2fwallout/sctp-ipv6-test.fwall
+++ b/scripts/nwfilter/nwfilterxml2fwallout/sctp-ipv6-test.fwall
@@ -1,21 +1,21 @@
-#ip6tables -L FI-vnet0 -n
+#ip6tables -L FI-vnet0 -n | sed 's/\/128/ /'
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN sctp ::/0 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP
match 0x02state NEW,ESTABLISHED ctdir REPLY
-RETURN sctp ::/0 a:b:c::/128 DSCP match 0x21sctp
spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
-RETURN sctp ::/0 ::10.1.2.3/128 DSCP match 0x3fsctp
spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
-#ip6tables -L FO-vnet0 -n
+RETURN sctp ::/0 a:b:c::d:e:f MAC 01:02:03:04:05:06 DSCP
match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp ::/0 a:b:c:: DSCP match 0x21sctp
spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN sctp ::/0 ::10.1.2.3 DSCP match 0x3fsctp
spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
+#ip6tables -L FO-vnet0 -n | sed 's/\/128/ /'
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT sctp a:b:c::d:e:f/128 ::/0 DSCP match 0x02state
ESTABLISHED ctdir ORIGINAL
-ACCEPT sctp a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x21sctp spts:20:21 dpts:100:1111 state NEW,ESTABLISHED ctdir REPLY
-ACCEPT sctp ::10.1.2.3/128 ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x3fsctp spts:255:256 dpt:65535 state NEW,ESTABLISHED ctdir REPLY
-#ip6tables -L HI-vnet0 -n
+ACCEPT sctp a:b:c::d:e:f ::/0 DSCP match 0x02state
ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp a:b:c:: ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x21sctp spts:20:21 dpts:100:1111 state NEW,ESTABLISHED ctdir REPLY
+ACCEPT sctp ::10.1.2.3 ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x3fsctp spts:255:256 dpt:65535 state NEW,ESTABLISHED ctdir REPLY
+#ip6tables -L HI-vnet0 -n | sed 's/\/128/ /'
Chain HI-vnet0 (1 references)
target prot opt source destination
-RETURN sctp ::/0 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP
match 0x02state NEW,ESTABLISHED ctdir REPLY
-RETURN sctp ::/0 a:b:c::/128 DSCP match 0x21sctp
spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
-RETURN sctp ::/0 ::10.1.2.3/128 DSCP match 0x3fsctp
spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
+RETURN sctp ::/0 a:b:c::d:e:f MAC 01:02:03:04:05:06 DSCP
match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp ::/0 a:b:c:: DSCP match 0x21sctp
spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN sctp ::/0 ::10.1.2.3 DSCP match 0x3fsctp
spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
diff --git a/scripts/nwfilter/nwfilterxml2fwallout/tcp-ipv6-test.fwall
b/scripts/nwfilter/nwfilterxml2fwallout/tcp-ipv6-test.fwall
index 2a794b8..a294a26 100644
--- a/scripts/nwfilter/nwfilterxml2fwallout/tcp-ipv6-test.fwall
+++ b/scripts/nwfilter/nwfilterxml2fwallout/tcp-ipv6-test.fwall
@@ -1,21 +1,21 @@
-#ip6tables -L FI-vnet0 -n
+#ip6tables -L FI-vnet0 -n | sed 's/\/128/ /'
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN tcp ::/0 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP
match 0x02state NEW,ESTABLISHED ctdir REPLY
-RETURN tcp ::/0 a:b:c::/128 DSCP match 0x21tcp
spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
-RETURN tcp ::/0 ::10.1.2.3/128 DSCP match 0x3ftcp spt:65535
dpts:255:256 state ESTABLISHED ctdir ORIGINAL
-#ip6tables -L FO-vnet0 -n
+RETURN tcp ::/0 a:b:c::d:e:f MAC 01:02:03:04:05:06 DSCP
match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp ::/0 a:b:c:: DSCP match 0x21tcp
spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN tcp ::/0 ::10.1.2.3 DSCP match 0x3ftcp spt:65535
dpts:255:256 state ESTABLISHED ctdir ORIGINAL
+#ip6tables -L FO-vnet0 -n | sed 's/\/128/ /'
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp a:b:c::d:e:f/128 ::/0 DSCP match 0x02state
ESTABLISHED ctdir ORIGINAL
-ACCEPT tcp a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x21tcp spts:20:21 dpts:100:1111 state NEW,ESTABLISHED ctdir REPLY
-ACCEPT tcp ::10.1.2.3/128 ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x3ftcp spts:255:256 dpt:65535 state NEW,ESTABLISHED ctdir REPLY
-#ip6tables -L HI-vnet0 -n
+ACCEPT tcp a:b:c::d:e:f ::/0 DSCP match 0x02state
ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp a:b:c:: ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x21tcp spts:20:21 dpts:100:1111 state NEW,ESTABLISHED ctdir REPLY
+ACCEPT tcp ::10.1.2.3 ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x3ftcp spts:255:256 dpt:65535 state NEW,ESTABLISHED ctdir REPLY
+#ip6tables -L HI-vnet0 -n | sed 's/\/128/ /'
Chain HI-vnet0 (1 references)
target prot opt source destination
-RETURN tcp ::/0 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP
match 0x02state NEW,ESTABLISHED ctdir REPLY
-RETURN tcp ::/0 a:b:c::/128 DSCP match 0x21tcp
spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
-RETURN tcp ::/0 ::10.1.2.3/128 DSCP match 0x3ftcp spt:65535
dpts:255:256 state ESTABLISHED ctdir ORIGINAL
+RETURN tcp ::/0 a:b:c::d:e:f MAC 01:02:03:04:05:06 DSCP
match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp ::/0 a:b:c:: DSCP match 0x21tcp
spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN tcp ::/0 ::10.1.2.3 DSCP match 0x3ftcp spt:65535
dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
diff --git a/scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall
b/scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall
index 0a75421..dafaea5 100644
--- a/scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall
+++ b/scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall
@@ -1,21 +1,21 @@
-#ip6tables -L FI-vnet0 -n
+#ip6tables -L FI-vnet0 -n | sed 's/\/128/ /'
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN udp ::/0 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP
match 0x02state NEW,ESTABLISHED ctdir REPLY
-RETURN udp ::/0 ::a:b:c/128 DSCP match 0x21udp
spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
-RETURN udp ::/0 ::10.1.2.3/128 DSCP match 0x3fudp spt:65535
dpts:255:256 state ESTABLISHED ctdir ORIGINAL
-#ip6tables -L FO-vnet0 -n
+RETURN udp ::/0 a:b:c::d:e:f MAC 01:02:03:04:05:06 DSCP
match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN udp ::/0 ::a:b:c DSCP match 0x21udp
spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN udp ::/0 ::10.1.2.3 DSCP match 0x3fudp spt:65535
dpts:255:256 state ESTABLISHED ctdir ORIGINAL
+#ip6tables -L FO-vnet0 -n | sed 's/\/128/ /'
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT udp a:b:c::d:e:f/128 ::/0 DSCP match 0x02state
ESTABLISHED ctdir ORIGINAL
-ACCEPT udp ::a:b:c/128 ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x21udp spts:20:21 dpts:100:1111 state NEW,ESTABLISHED ctdir REPLY
-ACCEPT udp ::10.1.2.3/128 ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x3fudp spts:255:256 dpt:65535 state NEW,ESTABLISHED ctdir REPLY
-#ip6tables -L HI-vnet0 -n
+ACCEPT udp a:b:c::d:e:f ::/0 DSCP match 0x02state
ESTABLISHED ctdir ORIGINAL
+ACCEPT udp ::a:b:c ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x21udp spts:20:21 dpts:100:1111 state NEW,ESTABLISHED ctdir REPLY
+ACCEPT udp ::10.1.2.3 ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x3fudp spts:255:256 dpt:65535 state NEW,ESTABLISHED ctdir REPLY
+#ip6tables -L HI-vnet0 -n | sed 's/\/128/ /'
Chain HI-vnet0 (1 references)
target prot opt source destination
-RETURN udp ::/0 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP
match 0x02state NEW,ESTABLISHED ctdir REPLY
-RETURN udp ::/0 ::a:b:c/128 DSCP match 0x21udp
spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
-RETURN udp ::/0 ::10.1.2.3/128 DSCP match 0x3fudp spt:65535
dpts:255:256 state ESTABLISHED ctdir ORIGINAL
+RETURN udp ::/0 a:b:c::d:e:f MAC 01:02:03:04:05:06 DSCP
match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN udp ::/0 ::a:b:c DSCP match 0x21udp
spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN udp ::/0 ::10.1.2.3 DSCP match 0x3fudp spt:65535
dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
diff --git a/scripts/nwfilter/nwfilterxml2fwallout/udplite-ipv6-test.fwall
b/scripts/nwfilter/nwfilterxml2fwallout/udplite-ipv6-test.fwall
index 9173222..815a8c0 100644
--- a/scripts/nwfilter/nwfilterxml2fwallout/udplite-ipv6-test.fwall
+++ b/scripts/nwfilter/nwfilterxml2fwallout/udplite-ipv6-test.fwall
@@ -1,21 +1,21 @@
-#ip6tables -L FI-vnet0 -n
+#ip6tables -L FI-vnet0 -n | sed 's/\/128/ /'
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN udplite f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP
match 0x02state NEW,ESTABLISHED ctdir REPLY
-RETURN udplite ::/0 a:b:c::/128 DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
-RETURN udplite ::/0 ::10.1.2.3/128 DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
-#ip6tables -L FO-vnet0 -n
+RETURN udplite f:e:d::c:b:a/127 a:b:c::d:e:f MAC 01:02:03:04:05:06 DSCP
match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN udplite ::/0 a:b:c:: DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
+RETURN udplite ::/0 ::10.1.2.3 DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
+#ip6tables -L FO-vnet0 -n | sed 's/\/128/ /'
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT udplite a:b:c::d:e:f/128 f:e:d::c:b:a/127 DSCP match 0x02state
ESTABLISHED ctdir ORIGINAL
-ACCEPT udplite a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x21state NEW,ESTABLISHED ctdir REPLY
-ACCEPT udplite ::10.1.2.3/128 ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x21state NEW,ESTABLISHED ctdir REPLY
-#ip6tables -L HI-vnet0 -n
+ACCEPT udplite a:b:c::d:e:f f:e:d::c:b:a/127 DSCP match 0x02state
ESTABLISHED ctdir ORIGINAL
+ACCEPT udplite a:b:c:: ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT udplite ::10.1.2.3 ::/0 MAC 01:02:03:04:05:06 DSCP
match 0x21state NEW,ESTABLISHED ctdir REPLY
+#ip6tables -L HI-vnet0 -n | sed 's/\/128/ /'
Chain HI-vnet0 (1 references)
target prot opt source destination
-RETURN udplite f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP
match 0x02state NEW,ESTABLISHED ctdir REPLY
-RETURN udplite ::/0 a:b:c::/128 DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
-RETURN udplite ::/0 ::10.1.2.3/128 DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
+RETURN udplite f:e:d::c:b:a/127 a:b:c::d:e:f MAC 01:02:03:04:05:06 DSCP
match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN udplite ::/0 a:b:c:: DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
+RETURN udplite ::/0 ::10.1.2.3 DSCP match 0x21state
ESTABLISHED ctdir ORIGINAL
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
--
1.8.4.5