|
 |
ff4a6b |
From f73416517ac7bb6868ff4c0199fcd4327c9dffa5 Mon Sep 17 00:00:00 2001
|
|
|
ff4a6b |
From: Phil Sutter <phil@nwl.cc>
|
|
|
ff4a6b |
Date: Wed, 28 Jul 2021 17:53:53 +0200
|
|
|
ff4a6b |
Subject: [PATCH] doc: ebtables-nft.8: Adjust for missing atomic-options
|
|
|
ff4a6b |
|
|
|
ff4a6b |
Drop any reference to them (and the environment variable) but list them
|
|
|
ff4a6b |
in BUGS section hinting at ebtables-save and -restore tools.
|
|
|
ff4a6b |
|
|
|
ff4a6b |
Fixes: 1939cbc25e6f5 ("doc: Adjust ebtables man page")
|
|
|
ff4a6b |
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
ff4a6b |
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
ff4a6b |
(cherry picked from commit 765bf04ecc228783cb88c810c85bc0c769579c39)
|
|
|
ff4a6b |
---
|
|
|
ff4a6b |
iptables/ebtables-nft.8 | 64 ++++++-----------------------------------
|
|
|
ff4a6b |
1 file changed, 8 insertions(+), 56 deletions(-)
|
|
|
ff4a6b |
|
|
|
ff4a6b |
diff --git a/iptables/ebtables-nft.8 b/iptables/ebtables-nft.8
|
|
|
ff4a6b |
index 5bdc0bb8a939e..85f6738d7d1aa 100644
|
|
|
ff4a6b |
--- a/iptables/ebtables-nft.8
|
|
|
ff4a6b |
+++ b/iptables/ebtables-nft.8
|
|
|
ff4a6b |
@@ -44,12 +44,6 @@ ebtables \- Ethernet bridge frame table administration (nft-based)
|
|
|
ff4a6b |
.br
|
|
|
ff4a6b |
.BR "ebtables " [ -t " table ] " --init-table
|
|
|
ff4a6b |
.br
|
|
|
ff4a6b |
-.BR "ebtables " [ -t " table ] [" --atomic-file " file] " --atomic-commit
|
|
|
ff4a6b |
-.br
|
|
|
ff4a6b |
-.BR "ebtables " [ -t " table ] [" --atomic-file " file] " --atomic-init
|
|
|
ff4a6b |
-.br
|
|
|
ff4a6b |
-.BR "ebtables " [ -t " table ] [" --atomic-file " file] " --atomic-save
|
|
|
ff4a6b |
-.br
|
|
|
ff4a6b |
|
|
|
ff4a6b |
.SH DESCRIPTION
|
|
|
ff4a6b |
.PP
|
|
|
ff4a6b |
@@ -162,11 +156,9 @@ a table, the commands apply to the default filter table.
|
|
|
ff4a6b |
Only one command may be used on the command line at a time, except when
|
|
|
ff4a6b |
the commands
|
|
|
ff4a6b |
.BR -L " and " -Z
|
|
|
ff4a6b |
-are combined, the commands
|
|
|
ff4a6b |
+are combined or the commands
|
|
|
ff4a6b |
.BR -N " and " -P
|
|
|
ff4a6b |
-are combined, or when
|
|
|
ff4a6b |
-.B --atomic-file
|
|
|
ff4a6b |
-is used.
|
|
|
ff4a6b |
+are combined.
|
|
|
ff4a6b |
.TP
|
|
|
ff4a6b |
.B "-A, --append"
|
|
|
ff4a6b |
Append a rule to the end of the selected chain.
|
|
|
ff4a6b |
@@ -326,39 +318,6 @@ of the ebtables kernel table.
|
|
|
ff4a6b |
.TP
|
|
|
ff4a6b |
.B "--init-table"
|
|
|
ff4a6b |
Replace the current table data by the initial table data.
|
|
|
ff4a6b |
-.TP
|
|
|
ff4a6b |
-.B "--atomic-init"
|
|
|
ff4a6b |
-Copy the kernel's initial data of the table to the specified
|
|
|
ff4a6b |
-file. This can be used as the first action, after which rules are added
|
|
|
ff4a6b |
-to the file. The file can be specified using the
|
|
|
ff4a6b |
-.B --atomic-file
|
|
|
ff4a6b |
-command or through the
|
|
|
ff4a6b |
-.IR EBTABLES_ATOMIC_FILE " environment variable."
|
|
|
ff4a6b |
-.TP
|
|
|
ff4a6b |
-.B "--atomic-save"
|
|
|
ff4a6b |
-Copy the kernel's current data of the table to the specified
|
|
|
ff4a6b |
-file. This can be used as the first action, after which rules are added
|
|
|
ff4a6b |
-to the file. The file can be specified using the
|
|
|
ff4a6b |
-.B --atomic-file
|
|
|
ff4a6b |
-command or through the
|
|
|
ff4a6b |
-.IR EBTABLES_ATOMIC_FILE " environment variable."
|
|
|
ff4a6b |
-.TP
|
|
|
ff4a6b |
-.B "--atomic-commit"
|
|
|
ff4a6b |
-Replace the kernel table data with the data contained in the specified
|
|
|
ff4a6b |
-file. This is a useful command that allows you to load all your rules of a
|
|
|
ff4a6b |
-certain table into the kernel at once, saving the kernel a lot of precious
|
|
|
ff4a6b |
-time and allowing atomic updates of the tables. The file which contains
|
|
|
ff4a6b |
-the table data is constructed by using either the
|
|
|
ff4a6b |
-.B "--atomic-init"
|
|
|
ff4a6b |
-or the
|
|
|
ff4a6b |
-.B "--atomic-save"
|
|
|
ff4a6b |
-command to generate a starting file. After that, using the
|
|
|
ff4a6b |
-.B "--atomic-file"
|
|
|
ff4a6b |
-command when constructing rules or setting the
|
|
|
ff4a6b |
-.IR EBTABLES_ATOMIC_FILE " environment variable"
|
|
|
ff4a6b |
-allows you to extend the file and build the complete table before
|
|
|
ff4a6b |
-committing it to the kernel. This command can be very useful in boot scripts
|
|
|
ff4a6b |
-to populate the ebtables tables in a fast way.
|
|
|
ff4a6b |
.SS MISCELLANOUS COMMANDS
|
|
|
ff4a6b |
.TP
|
|
|
ff4a6b |
.B "-V, --version"
|
|
|
ff4a6b |
@@ -384,16 +343,6 @@ a target extension (see
|
|
|
ff4a6b |
.BR "TARGET EXTENSIONS" ")"
|
|
|
ff4a6b |
or a user-defined chain name.
|
|
|
ff4a6b |
.TP
|
|
|
ff4a6b |
-.B --atomic-file "\fIfile\fP"
|
|
|
ff4a6b |
-Let the command operate on the specified
|
|
|
ff4a6b |
-.IR file .
|
|
|
ff4a6b |
-The data of the table to
|
|
|
ff4a6b |
-operate on will be extracted from the file and the result of the operation
|
|
|
ff4a6b |
-will be saved back into the file. If specified, this option should come
|
|
|
ff4a6b |
-before the command specification. An alternative that should be preferred,
|
|
|
ff4a6b |
-is setting the
|
|
|
ff4a6b |
-.IR EBTABLES_ATOMIC_FILE " environment variable."
|
|
|
ff4a6b |
-.TP
|
|
|
ff4a6b |
.B -M, --modprobe "\fIprogram\fP"
|
|
|
ff4a6b |
When talking to the kernel, use this
|
|
|
ff4a6b |
.I program
|
|
|
ff4a6b |
@@ -1113,8 +1062,6 @@ arp message and the hardware address length in the arp header is 6 bytes.
|
|
|
ff4a6b |
.br
|
|
|
ff4a6b |
.SH FILES
|
|
|
ff4a6b |
.I /etc/ethertypes
|
|
|
ff4a6b |
-.SH ENVIRONMENT VARIABLES
|
|
|
ff4a6b |
-.I EBTABLES_ATOMIC_FILE
|
|
|
ff4a6b |
.SH MAILINGLISTS
|
|
|
ff4a6b |
.BR "" "See " http://netfilter.org/mailinglists.html
|
|
|
ff4a6b |
.SH BUGS
|
|
|
ff4a6b |
@@ -1122,7 +1069,12 @@ The version of ebtables this man page ships with does not support the
|
|
|
ff4a6b |
.B broute
|
|
|
ff4a6b |
table. Also there is no support for
|
|
|
ff4a6b |
.B string
|
|
|
ff4a6b |
-match. And finally, this list is probably not complete.
|
|
|
ff4a6b |
+match. Further, support for atomic-options
|
|
|
ff4a6b |
+.RB ( --atomic-file ", " --atomic-init ", " --atomic-save ", " --atomic-commit )
|
|
|
ff4a6b |
+has not been implemented, although
|
|
|
ff4a6b |
+.BR ebtables-save " and " ebtables-restore
|
|
|
ff4a6b |
+might replace them entirely given the inherent atomicity of nftables.
|
|
|
ff4a6b |
+Finally, this list is probably not complete.
|
|
|
ff4a6b |
.SH SEE ALSO
|
|
|
ff4a6b |
.BR xtables-nft "(8), " iptables "(8), " ip "(8), " nft (8)
|
|
|
ff4a6b |
.PP
|
|
|
ff4a6b |
--
|
|
|
ff4a6b |
2.33.0
|
|
|
ff4a6b |
|