From 8d5b7e557b65cd547b55567ac3dfbb2ea3f65418 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Mon, 12 Nov 2018 15:02:52 +0100
Subject: [PATCH] nft.8: Clarify 'index' option of add rule command

Documentation for add rule command might trick readers into believing
the optional 'index' argument does not need to be that of an existing
rule. This false assumption is fueled by the fact that iptables allows
to insert with last rule number + 1 to actually append to a chain.
Change the relevant sentence to clarify that.

While being at it, drop the deprecated 'position' option from
documentation - since this will likely go away at some point, don't
encourage users to use it although they should notice that they
shouldn't.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit f4e40e395af2b73cd72c5454e41fb879da8c5f61)

Conflicts:
doc/nft.txt
-> Patch applied manually to doc/nft.xml from asciidoc source.

Signed-off-by: Phil Sutter <psutter@redhat.com>
---
doc/nft.xml | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/doc/nft.xml b/doc/nft.xml
index 22d57ac630037..512724ed8f9a7 100644
--- a/doc/nft.xml
+++ b/doc/nft.xml
@@ -877,10 +877,7 @@ add table inet mytable
<replaceable>chain</replaceable>
<group choice="opt">
<arg>
- <group choice="req">
- <arg>handle</arg>
- <arg>position</arg>
- </group>
+ <literal>handle</literal>
<replaceable>handle</replaceable>
</arg>
<arg>
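Review bot: the synopsis above no longer lists `position`, but it is the only synopsis this patch touches (the diffstat's 3 insertions and 8 deletions are all accounted for by the three hunks shown), so any other synopsis in doc/nft.xml that still carries `<arg>position</arg>` would now disagree with this one; a grep for remaining `position` occurrences before merging would settle it. The keyword also changes markup from `<arg>handle</arg>` to `<literal>handle</literal>`, so check that this matches how keywords are written in the neighbouring `<arg>` elements.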
@@ -917,8 +914,8 @@ add table inet mytable
</para>
<para>
The <literal>add</literal> and <literal>insert</literal> commands support an optional
- location specifier, which is either a <replaceable>handle</replaceable> of an existing
- rule or an <replaceable>index</replaceable> (starting at zero). Internally,
+ location specifier, which is either a <replaceable>handle</replaceable> or the
+ <replaceable>index</replaceable> (starting at zero) of an existing rule. Internally,
rule locations are always identified by <replaceable>handle</replaceable> and the
translation from <replaceable>index</replaceable> happens in userspace. This has two
potential implications in case a concurrent ruleset change happens after the translation
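Review bot: in the reworded sentence, "of an existing rule" now trails the `index` clause, so it can be read as qualifying only the index or both the handle and the index; wording such as "either the handle or the index (starting at zero) of an existing rule" would make it cover both. Since the commit message names the iptables habit of inserting at last rule number + 1 to append, it would also help to say outright in this paragraph that an index one past the last rule is not accepted and that leaving out the location specifier is how to append with `add`.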
@@ -935,8 +932,6 @@ add table inet mytable
Add a new rule described by the list of statements. The rule is appended to the
given chain unless a <literal>handle</literal> is specified, in which case the
rule is appended to the rule given by the <replaceable>handle</replaceable>.
- The alternative name <literal>position</literal> is deprecated and should not be
- used anymore.
</para>
</listitem>
</varlistentry>
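Review bot: dropping the deprecation sentence removes the last mention of `position` from this entry while, per the commit message, the keyword has not been removed yet and will only "likely go away at some point"; anyone reviewing an existing ruleset script that uses `position` then finds nothing in the man page explaining it. Consider keeping one short line stating that `position` is a deprecated alternative name for `handle`. Separately, the surviving context names only `handle` as the way to place a rule, although the paragraph changed in the previous hunk gives `add` an `index` specifier too; this entry could mention both.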
--
2.19.0