[Ferm] [PATCH 4/7] ebtables IPv4: support abbreviations in arguments

Faidon Liambotis paravoid at debian.org
Wed Jul 6 02:21:24 CEST 2011 

Currently a mix of unabbreviated (e.g. ip-source) and abbreviated (e.g.
ip-sport) arguments were supported. Add support for all the possible
combinations.
---
 src/ferm                   |    6 +++++-
 test/ebtables/basic.ferm   |    1 +
 test/ebtables/basic.result |    1 +
 3 files changed, 7 insertions(+), 1 deletions(-)

diff --git a/src/ferm b/src/ferm
index 5705d79..02dd5d7 100755
--- a/src/ferm
+++ b/src/ferm
@@ -329,7 +329,11 @@ add_match_def_x 'arp', '',
   qw(mangle-ip-s=s mangle-ip-d=s mangle-mac-s=s mangle-mac-d=s mangle-target=s);
 
 add_proto_def_x 'eb', 'IPv4',
-  qw(ip-source! ip-destination! ip-tos! ip-protocol! ip-sport! ip-dport!);
+  qw(ip-source! ip-destination! ip-src:=ip-source ip-dst:=ip-destination),
+  qw(ip-tos!),
+  qw(ip-protocol! ip-proto:=ip-protocol),
+  qw(ip-source-port! ip-sport:=ip-source-port),
+  qw(ip-destination-port! ip-dport:=ip-destination-port);
 
 add_proto_def_x 'eb', 'ARP',
   qw(!arp-gratuitous*0),
diff --git a/test/ebtables/basic.ferm b/test/ebtables/basic.ferm
index 757b2eb..d9e9a36 100644
--- a/test/ebtables/basic.ferm
+++ b/test/ebtables/basic.ferm
@@ -1,6 +1,7 @@
 domain eb chain INPUT {
     saddr 00:11:22:33:44:55 DROP;
     proto IPv4 ip-source 192.168.1.1 DROP;
+    proto IPv4 ip-proto tcp ip-dport 22 ACCEPT;
     proto ARP arp-mac-src 00:11:22:33:44:55 ACCEPT;
     proto ARP arp-gratuitous ACCEPT;
     proto 0x8137 DROP;
diff --git a/test/ebtables/basic.result b/test/ebtables/basic.result
index 84a45d5..5e5db05 100644
--- a/test/ebtables/basic.result
+++ b/test/ebtables/basic.result
@@ -3,6 +3,7 @@ ebtables -t filter -F
 ebtables -t filter -X
 ebtables -t filter -A INPUT --source 00:11:22:33:44:55 -j DROP
 ebtables -t filter -A INPUT --protocol IPv4 --ip-source 192.168.1.1 -j DROP
+ebtables -t filter -A INPUT --protocol IPv4 --ip-protocol tcp --ip-destination-port 22 -j ACCEPT
 ebtables -t filter -A INPUT --protocol ARP --arp-mac-src 00:11:22:33:44:55 -j ACCEPT
 ebtables -t filter -A INPUT --protocol ARP --arp-gratuitous -j ACCEPT
 ebtables -t filter -A INPUT --protocol 0x8137 -j DROP
-- 
1.7.2.5

More information about the Ferm mailing list