[Ferm] [PATCH 5/7] ebtables: add support for matching IPv6

Faidon Liambotis paravoid at debian.org
Wed Jul 6 02:21:25 CEST 2011 

Support is basically a copy of IPv4, with s/ip-/ip6-/ and s/tos/tclass/
---
 src/ferm                   |    7 +++++++
 test/ebtables/basic.ferm   |    1 +
 test/ebtables/basic.result |    1 +
 3 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/src/ferm b/src/ferm
index 02dd5d7..89bb1ca 100755
--- a/src/ferm
+++ b/src/ferm
@@ -335,6 +335,13 @@ add_proto_def_x 'eb', 'IPv4',
   qw(ip-source-port! ip-sport:=ip-source-port),
   qw(ip-destination-port! ip-dport:=ip-destination-port);
 
+add_proto_def_x 'eb', 'IPv6',
+  qw(ip6-source! ip6-destination! ip6-src:=ip6-source ip6-dst:=ip6-destination),
+  qw(ip6-tclass!),
+  qw(ip6-protocol! ip6-proto:=ip6-protocol),
+  qw(ip6-source-port! ip6-sport:=ip6-source-port),
+  qw(ip6-destination-port! ip6-dport:=ip6-destination-port);
+
 add_proto_def_x 'eb', 'ARP',
   qw(!arp-gratuitous*0),
   qw(arp-opcode! arp-htype!=ss arp-ptype!=ss),
diff --git a/test/ebtables/basic.ferm b/test/ebtables/basic.ferm
index d9e9a36..ea8b450 100644
--- a/test/ebtables/basic.ferm
+++ b/test/ebtables/basic.ferm
@@ -2,6 +2,7 @@ domain eb chain INPUT {
     saddr 00:11:22:33:44:55 DROP;
     proto IPv4 ip-source 192.168.1.1 DROP;
     proto IPv4 ip-proto tcp ip-dport 22 ACCEPT;
+    proto IPv6 ip6-source 2001:db8:ffff:ffff:211:22ff:fe33:4455 DROP;
     proto ARP arp-mac-src 00:11:22:33:44:55 ACCEPT;
     proto ARP arp-gratuitous ACCEPT;
     proto 0x8137 DROP;
diff --git a/test/ebtables/basic.result b/test/ebtables/basic.result
index 5e5db05..24dc71e 100644
--- a/test/ebtables/basic.result
+++ b/test/ebtables/basic.result
@@ -4,6 +4,7 @@ ebtables -t filter -X
 ebtables -t filter -A INPUT --source 00:11:22:33:44:55 -j DROP
 ebtables -t filter -A INPUT --protocol IPv4 --ip-source 192.168.1.1 -j DROP
 ebtables -t filter -A INPUT --protocol IPv4 --ip-protocol tcp --ip-destination-port 22 -j ACCEPT
+ebtables -t filter -A INPUT --protocol IPv6 --ip6-source 2001:db8:ffff:ffff:211:22ff:fe33:4455 -j DROP
 ebtables -t filter -A INPUT --protocol ARP --arp-mac-src 00:11:22:33:44:55 -j ACCEPT
 ebtables -t filter -A INPUT --protocol ARP --arp-gratuitous -j ACCEPT
 ebtables -t filter -A INPUT --protocol 0x8137 -j DROP
-- 
1.7.2.5

More information about the Ferm mailing list