[Ferm] [PATCH 7/7] ebtables: add support for the "limit" match
Faidon Liambotis
paravoid at debian.org
Wed Jul 6 02:21:27 CEST 2011
---
src/ferm | 2 ++
test/ebtables/basic.ferm | 1 +
test/ebtables/basic.result | 1 +
3 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/src/ferm b/src/ferm
index 8ffd7cd..626eb85 100755
--- a/src/ferm
+++ b/src/ferm
@@ -368,6 +368,8 @@ add_match_def_x 'eb', '',
qw(802_3-sap! 802_3-type!),
# among
qw(!among-dst=c !among-src=c !among-dst-file !among-src-file),
+ # limit
+ qw(limit=s limit-burst=s),
# mark_m
qw(mark!),
# pkttype
diff --git a/test/ebtables/basic.ferm b/test/ebtables/basic.ferm
index b583bec..303a6f1 100644
--- a/test/ebtables/basic.ferm
+++ b/test/ebtables/basic.ferm
@@ -7,6 +7,7 @@ domain eb chain INPUT {
proto ARP arp-mac-src 00:11:22:33:44:55 ACCEPT;
proto ARP arp-gratuitous ACCEPT;
proto 0x8137 DROP;
+ limit 30/hour DROP;
interface eth0 logical-in br0 outerface eth1 logical-out br1 ACCEPT;
saddr Multicast daddr Broadcast DROP;
}
diff --git a/test/ebtables/basic.result b/test/ebtables/basic.result
index a51b481..db9e531 100644
--- a/test/ebtables/basic.result
+++ b/test/ebtables/basic.result
@@ -9,5 +9,6 @@ ebtables -t filter -A INPUT --protocol IPv6 --ip6-source 2001:db8:ffff:ffff:211:
ebtables -t filter -A INPUT --protocol ARP --arp-mac-src 00:11:22:33:44:55 -j ACCEPT
ebtables -t filter -A INPUT --protocol ARP --arp-gratuitous -j ACCEPT
ebtables -t filter -A INPUT --protocol 0x8137 -j DROP
+ebtables -t filter -A INPUT --limit 30/hour -j DROP
ebtables -t filter -A INPUT --in-interface eth0 --logical-in br0 --out-interface eth1 --logical-out br1 -j ACCEPT
ebtables -t filter -A INPUT --source Multicast --destination Broadcast -j DROP
--
1.7.2.5
More information about the Ferm
mailing list