[Ferm] [PATCH 3/7] ebtables: add support for -p ARP --arp-gratuitous
Faidon Liambotis
paravoid at debian.org
Wed Jul 6 02:21:23 CEST 2011
---
src/ferm | 2 ++
test/ebtables/basic.ferm | 1 +
test/ebtables/basic.result | 1 +
test/ebtables/negated.ferm | 1 +
test/ebtables/negated.result | 1 +
5 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/src/ferm b/src/ferm
index ee58163..5705d79 100755
--- a/src/ferm
+++ b/src/ferm
@@ -332,10 +332,12 @@ add_proto_def_x 'eb', 'IPv4',
qw(ip-source! ip-destination! ip-tos! ip-protocol! ip-sport! ip-dport!);
add_proto_def_x 'eb', 'ARP',
+ qw(!arp-gratuitous*0),
qw(arp-opcode! arp-htype!=ss arp-ptype!=ss),
qw(arp-ip-src! arp-ip-dst! arp-mac-src! arp-mac-dst!);
add_proto_def_x 'eb', 'RARP',
+ qw(!arp-gratuitous*0),
qw(arp-opcode! arp-htype!=ss arp-ptype!=ss),
qw(arp-ip-src! arp-ip-dst! arp-mac-src! arp-mac-dst!);
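Review bot: The RARP definition in this hunk also gains `!arp-gratuitous*0`, but every test line the patch adds uses `proto ARP`, so the RARP path is never exercised. A line such as `proto RARP arp-gratuitous DROP;` in test/ebtables/basic.ferm, with its matching `--protocol RARP --arp-gratuitous -j DROP` line in basic.result, would cover it. The spec string is terse, so a comment above its first use would help, for example `# leading ! = negation is emitted before the option; *0 = keyword takes no argument`. That reading is inferred from negated.result (`! --arp-gratuitous` with no value) and should be confirmed against add_proto_def_x, which is outside the hunk. Gratuitous-ARP matching is commonly used in bridge rules that limit ARP cache poisoning, and the diffstat shows no documentation file touched, so the keyword appears to reach users undocumented.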
diff --git a/test/ebtables/basic.ferm b/test/ebtables/basic.ferm
index 5aac859..757b2eb 100644
--- a/test/ebtables/basic.ferm
+++ b/test/ebtables/basic.ferm
@@ -2,6 +2,7 @@ domain eb chain INPUT {
saddr 00:11:22:33:44:55 DROP;
proto IPv4 ip-source 192.168.1.1 DROP;
proto ARP arp-mac-src 00:11:22:33:44:55 ACCEPT;
+ proto ARP arp-gratuitous ACCEPT;
proto 0x8137 DROP;
interface eth0 logical-in br0 outerface eth1 logical-out br1 ACCEPT;
saddr Multicast daddr Broadcast DROP;
diff --git a/test/ebtables/basic.result b/test/ebtables/basic.result
index d74884d..84a45d5 100644
--- a/test/ebtables/basic.result
+++ b/test/ebtables/basic.result
@@ -4,6 +4,7 @@ ebtables -t filter -X
ebtables -t filter -A INPUT --source 00:11:22:33:44:55 -j DROP
ebtables -t filter -A INPUT --protocol IPv4 --ip-source 192.168.1.1 -j DROP
ebtables -t filter -A INPUT --protocol ARP --arp-mac-src 00:11:22:33:44:55 -j ACCEPT
+ebtables -t filter -A INPUT --protocol ARP --arp-gratuitous -j ACCEPT
ebtables -t filter -A INPUT --protocol 0x8137 -j DROP
ebtables -t filter -A INPUT --in-interface eth0 --logical-in br0 --out-interface eth1 --logical-out br1 -j ACCEPT
ebtables -t filter -A INPUT --source Multicast --destination Broadcast -j DROP
diff --git a/test/ebtables/negated.ferm b/test/ebtables/negated.ferm
index 874c4f5..968970a 100644
--- a/test/ebtables/negated.ferm
+++ b/test/ebtables/negated.ferm
@@ -1,5 +1,6 @@
domain eb chain INPUT {
proto !ARP ACCEPT;
+ proto ARP !arp-gratuitous ACCEPT;
interface !eth0 logical-in !br0 outerface !eth1 logical-out !br1 ACCEPT;
saddr !Multicast daddr !Broadcast DROP;
}
diff --git a/test/ebtables/negated.result b/test/ebtables/negated.result
index b4dd16c..d05ad56 100644
--- a/test/ebtables/negated.result
+++ b/test/ebtables/negated.result
@@ -2,5 +2,6 @@ ebtables -t filter -P INPUT ACCEPT
ebtables -t filter -F
ebtables -t filter -X
ebtables -t filter -A INPUT ! --protocol ARP -j ACCEPT
+ebtables -t filter -A INPUT --protocol ARP ! --arp-gratuitous -j ACCEPT
ebtables -t filter -A INPUT ! --in-interface eth0 ! --logical-in br0 ! --out-interface eth1 ! --logical-out br1 -j ACCEPT
ebtables -t filter -A INPUT ! --source Multicast ! --destination Broadcast -j DROP
--
1.7.2.5