[Ferm] [PATCH 6/7] ebtables: add support for "among" match

Faidon Liambotis paravoid at debian.org
Wed Jul 6 02:21:26 CEST 2011 

---
 src/ferm                     |    2 ++
 test/ebtables/basic.ferm     |    1 +
 test/ebtables/basic.result   |    1 +
 test/ebtables/negated.ferm   |    1 +
 test/ebtables/negated.result |    1 +
 5 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/src/ferm b/src/ferm
index 89bb1ca..8ffd7cd 100755
--- a/src/ferm
+++ b/src/ferm
@@ -366,6 +366,8 @@ add_match_def_x 'eb', '',
   qw(source! saddr:=source destination! daddr:=destination),
   # 802.3
   qw(802_3-sap! 802_3-type!),
+  # among
+  qw(!among-dst=c !among-src=c !among-dst-file !among-src-file),
   # mark_m
   qw(mark!),
   # pkttype
diff --git a/test/ebtables/basic.ferm b/test/ebtables/basic.ferm
index ea8b450..b583bec 100644
--- a/test/ebtables/basic.ferm
+++ b/test/ebtables/basic.ferm
@@ -1,5 +1,6 @@
 domain eb chain INPUT {
     saddr 00:11:22:33:44:55 DROP;
+    among-src (00:11:22:33:44:55 00:11:22:33:44:66) DROP;
     proto IPv4 ip-source 192.168.1.1 DROP;
     proto IPv4 ip-proto tcp ip-dport 22 ACCEPT;
     proto IPv6 ip6-source 2001:db8:ffff:ffff:211:22ff:fe33:4455 DROP;
diff --git a/test/ebtables/basic.result b/test/ebtables/basic.result
index 24dc71e..a51b481 100644
--- a/test/ebtables/basic.result
+++ b/test/ebtables/basic.result
@@ -2,6 +2,7 @@ ebtables -t filter -P INPUT ACCEPT
 ebtables -t filter -F
 ebtables -t filter -X
 ebtables -t filter -A INPUT --source 00:11:22:33:44:55 -j DROP
+ebtables -t filter -A INPUT --among-src 00:11:22:33:44:55,00:11:22:33:44:66 -j DROP
 ebtables -t filter -A INPUT --protocol IPv4 --ip-source 192.168.1.1 -j DROP
 ebtables -t filter -A INPUT --protocol IPv4 --ip-protocol tcp --ip-destination-port 22 -j ACCEPT
 ebtables -t filter -A INPUT --protocol IPv6 --ip6-source 2001:db8:ffff:ffff:211:22ff:fe33:4455 -j DROP
diff --git a/test/ebtables/negated.ferm b/test/ebtables/negated.ferm
index 968970a..449a8d0 100644
--- a/test/ebtables/negated.ferm
+++ b/test/ebtables/negated.ferm
@@ -1,4 +1,5 @@
 domain eb chain INPUT {
+    among-src ! (00:11:22:33:44:55 00:11:22:33:44:66) ACCEPT;
     proto !ARP ACCEPT;
     proto ARP !arp-gratuitous ACCEPT;
     interface !eth0 logical-in !br0 outerface !eth1 logical-out !br1 ACCEPT;
diff --git a/test/ebtables/negated.result b/test/ebtables/negated.result
index d05ad56..447b76f 100644
--- a/test/ebtables/negated.result
+++ b/test/ebtables/negated.result
@@ -1,6 +1,7 @@
 ebtables -t filter -P INPUT ACCEPT
 ebtables -t filter -F
 ebtables -t filter -X
+ebtables -t filter -A INPUT ! --among-src 00:11:22:33:44:55,00:11:22:33:44:66 -j ACCEPT
 ebtables -t filter -A INPUT ! --protocol ARP -j ACCEPT
 ebtables -t filter -A INPUT --protocol ARP ! --arp-gratuitous -j ACCEPT
 ebtables -t filter -A INPUT ! --in-interface eth0 ! --logical-in br0 ! --out-interface eth1 ! --logical-out br1 -j ACCEPT
-- 
1.7.2.5

More information about the Ferm mailing list