lenses/iptables.aug: Support ipset module #861

citizenbilly · 2025-04-15T16:39:31Z

Iptables includes a module for integration with ipset.
However, augeas does not appear to support the second argument required for the iptables module: ---match-set.

Example Iptables rule:
-I INPUT -m set --match-set <setname> src -j DROP

Example of adding the rule:

defnode rule \$filter/insert[.='INPUT'][last()+1] "INPUT"
set \$rule/match "set"
set \$rule/ipset_flags "<setname>"
set \$rule/ipset_flags/set "src"
set \$rule/jump "DROP"

Fixes: hercules-team#860

Iptables includes a module for integration with ipset. However, augeas does not appear to support the second argument required for the iptables module: ---match-set. Example Iptables rule: -I INPUT -m set --match-set <setname> src -j DROP Example of adding the rule: defnode rule \$filter/insert[.='INPUT'][last()+1] "INPUT" set \$rule/match "set" set \$rule/ipset_flags "<setname>" set \$rule/ipset_flags/set "src" set \$rule/jump "DROP" Fixes: [hercules-team#860]

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

lenses/iptables.aug: Support ipset module #861

lenses/iptables.aug: Support ipset module #861

Uh oh!

citizenbilly commented Apr 15, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

lenses/iptables.aug: Support ipset module #861

Are you sure you want to change the base?

lenses/iptables.aug: Support ipset module #861

Uh oh!

Conversation

citizenbilly commented Apr 15, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant