Patchwork iptables manpage: Update protocol list for MASQUERADE and REDIRECT

login
register
mail settings
Submitter Mart Frauenlob
Date April 8, 2013, 11:30 a.m.
Message ID <5162AA56.70008@chello.at>
Download mbox | patch
Permalink /patch/234743/
State Superseded
Headers show

Comments

Mart Frauenlob - April 8, 2013, 11:30 a.m.
Hello,

this patch updates the list of protocols valid for the --to-ports option 
of the MASQUERADE and REDIRECT targets.

If I read the source correctly (no C programmer), icmp is also valid.
In that case the error message for !portok is missing icmp.

What does one specify, what is mapped with --to-ports and -p icmp?

Best regards

Mart

P.S. Is it ok to base on master, or should I use stable/next?
From 8e78fab467dbca6d1e27218cc4db091545a49027 Mon Sep 17 00:00:00 2001
From: Mart Frauenlob <mart.frauenlob@chello.at>
Date: Mon, 8 Apr 2013 13:11:49 +0200
Subject: [PATCH] manpage: Update protocol list for MASQUERADE and REDIRET.

---
 extensions/libip6t_MASQUERADE.man |    6 +++---
 extensions/libipt_MASQUERADE.man  |    6 +++---
 extensions/libipt_REDIRECT.man    |    6 +++---
 3 files changed, 9 insertions(+), 9 deletions(-)

Patch

diff --git a/extensions/libip6t_MASQUERADE.man b/extensions/libip6t_MASQUERADE.man
index c63d826..b5b7677 100644
--- a/extensions/libip6t_MASQUERADE.man
+++ b/extensions/libip6t_MASQUERADE.man
@@ -16,10 +16,10 @@  any established connections are lost anyway).
 This specifies a range of source ports to use, overriding the default
 .B SNAT
 source port-selection heuristics (see above).  This is only valid
-if the rule also specifies
-\fB\-p tcp\fP
+if the rule also specifies one of the following protocols:
+.B tcp, udp, dccp, sctp
 or
-\fB\-p udp\fP.
+.B icmp.
 .TP
 \fB\-\-random\fP
 Randomize source port mapping
diff --git a/extensions/libipt_MASQUERADE.man b/extensions/libipt_MASQUERADE.man
index 2dae964..807ddbd 100644
--- a/extensions/libipt_MASQUERADE.man
+++ b/extensions/libipt_MASQUERADE.man
@@ -16,10 +16,10 @@  any established connections are lost anyway).
 This specifies a range of source ports to use, overriding the default
 .B SNAT
 source port-selection heuristics (see above).  This is only valid
-if the rule also specifies
-\fB\-p tcp\fP
+if the rule also specifies one of the following protocols:
+.B tcp, udp, dccp, sctp
 or
-\fB\-p udp\fP.
+.B icmp.
 .TP
 \fB\-\-random\fP
 Randomize source port mapping
diff --git a/extensions/libipt_REDIRECT.man b/extensions/libipt_REDIRECT.man
index 90ab19d..635ddd4 100644
--- a/extensions/libipt_REDIRECT.man
+++ b/extensions/libipt_REDIRECT.man
@@ -12,10 +12,10 @@  destination IP to the primary address of the incoming interface
 \fB\-\-to\-ports\fP \fIport\fP[\fB\-\fP\fIport\fP]
 This specifies a destination port or range of ports to use: without
 this, the destination port is never altered.  This is only valid
-if the rule also specifies
-\fB\-p tcp\fP
+if the rule also specifies one of the following protocols:
+.B tcp, udp, dccp, sctp
 or
-\fB\-p udp\fP.
+.B icmp.
 .TP
 \fB\-\-random\fP
 If option