[Ferm] [PATCH 3/7] ebtables: add support for -p ARP --arp-gratuitous

Faidon Liambotis paravoid at debian.org
Wed Jul 6 02:21:23 CEST 2011


---
 src/ferm                     |    2 ++
 test/ebtables/basic.ferm     |    1 +
 test/ebtables/basic.result   |    1 +
 test/ebtables/negated.ferm   |    1 +
 test/ebtables/negated.result |    1 +
 5 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/src/ferm b/src/ferm
index ee58163..5705d79 100755
--- a/src/ferm
+++ b/src/ferm
@@ -332,10 +332,12 @@ add_proto_def_x 'eb', 'IPv4',
   qw(ip-source! ip-destination! ip-tos! ip-protocol! ip-sport! ip-dport!);
 
 add_proto_def_x 'eb', 'ARP',
+  qw(!arp-gratuitous*0),
   qw(arp-opcode! arp-htype!=ss arp-ptype!=ss),
   qw(arp-ip-src! arp-ip-dst! arp-mac-src! arp-mac-dst!);
 
 add_proto_def_x 'eb', 'RARP',
+  qw(!arp-gratuitous*0),
   qw(arp-opcode! arp-htype!=ss arp-ptype!=ss),
   qw(arp-ip-src! arp-ip-dst! arp-mac-src! arp-mac-dst!);
 
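Review bot: The two added `qw(!arp-gratuitous*0)` entries, in the 'ARP' and the 'RARP' definitions, come with no comment, and the diffstat lists no documentation file, so a rule author has nothing describing the new keyword unless another patch in the series covers it. I would add a comment above the first entry such as `# arp-gratuitous: takes no argument, may be negated; emitted as ebtables --arp-gratuitous`. The documentation should also say that, per the ebtables manual, this match only compares the sender and target IPv4 addresses inside the ARP header and does not authenticate the sender, so an ACCEPT on it should not be read as protection against forged ARP announcements. The 'ARP' and 'RARP' option lists are now three identical lines each and could share one list.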
diff --git a/test/ebtables/basic.ferm b/test/ebtables/basic.ferm
index 5aac859..757b2eb 100644
--- a/test/ebtables/basic.ferm
+++ b/test/ebtables/basic.ferm
@@ -2,6 +2,7 @@ domain eb chain INPUT {
     saddr 00:11:22:33:44:55 DROP;
     proto IPv4 ip-source 192.168.1.1 DROP;
     proto ARP arp-mac-src 00:11:22:33:44:55 ACCEPT;
+    proto ARP arp-gratuitous ACCEPT;
     proto 0x8137 DROP;
     interface eth0 logical-in br0 outerface eth1 logical-out br1 ACCEPT;
     saddr Multicast daddr Broadcast DROP;
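Review bot: Neither fixture exercises the RARP definition. The src/ferm hunk adds `!arp-gratuitous*0` to both 'ARP' and 'RARP', but the line added here and the one added in test/ebtables/negated.ferm use `proto ARP` only. Adding `proto RARP arp-gratuitous ACCEPT;` after the new line, with the corresponding expected line in basic.result (presumably the same command with `--protocol RARP`), would cover the second definition. The `domain eb chain INPUT { … }` block starts and ends outside this hunk.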
diff --git a/test/ebtables/basic.result b/test/ebtables/basic.result
index d74884d..84a45d5 100644
--- a/test/ebtables/basic.result
+++ b/test/ebtables/basic.result
@@ -4,6 +4,7 @@ ebtables -t filter -X
 ebtables -t filter -A INPUT --source 00:11:22:33:44:55 -j DROP
 ebtables -t filter -A INPUT --protocol IPv4 --ip-source 192.168.1.1 -j DROP
 ebtables -t filter -A INPUT --protocol ARP --arp-mac-src 00:11:22:33:44:55 -j ACCEPT
+ebtables -t filter -A INPUT --protocol ARP --arp-gratuitous -j ACCEPT
 ebtables -t filter -A INPUT --protocol 0x8137 -j DROP
 ebtables -t filter -A INPUT --in-interface eth0 --logical-in br0 --out-interface eth1 --logical-out br1 -j ACCEPT
 ebtables -t filter -A INPUT --source Multicast --destination Broadcast -j DROP
diff --git a/test/ebtables/negated.ferm b/test/ebtables/negated.ferm
index 874c4f5..968970a 100644
--- a/test/ebtables/negated.ferm
+++ b/test/ebtables/negated.ferm
@@ -1,5 +1,6 @@
 domain eb chain INPUT {
     proto !ARP ACCEPT;
+    proto ARP !arp-gratuitous ACCEPT;
     interface !eth0 logical-in !br0 outerface !eth1 logical-out !br1 ACCEPT;
     saddr !Multicast daddr !Broadcast DROP;
 }
diff --git a/test/ebtables/negated.result b/test/ebtables/negated.result
index b4dd16c..d05ad56 100644
--- a/test/ebtables/negated.result
+++ b/test/ebtables/negated.result
@@ -2,5 +2,6 @@ ebtables -t filter -P INPUT ACCEPT
 ebtables -t filter -F
 ebtables -t filter -X
 ebtables -t filter -A INPUT ! --protocol ARP -j ACCEPT
+ebtables -t filter -A INPUT --protocol ARP ! --arp-gratuitous -j ACCEPT
 ebtables -t filter -A INPUT ! --in-interface eth0 ! --logical-in br0 ! --out-interface eth1 ! --logical-out br1 -j ACCEPT
 ebtables -t filter -A INPUT ! --source Multicast ! --destination Broadcast -j DROP
-- 
1.7.2.5


