[Ferm] [PATCH] Document another useful example of using @subchain

Faidon Liambotis paravoid at debian.org
Wed Jul 6 22:58:41 CEST 2011 

Since 2.0.9, expanded substrings are allowed in @subchain names. The
documentation mentions @substr as an example, while @cat("interface_",
$interface) is a far more useful and real-world example.

Add it to the documentation and in the test suite.
---
 doc/ferm.pod                                       |    2 +-
 test/misc/subchain-substr.result                   |    6 ------
 .../{subchain-substr.ferm => subchain-var.ferm}    |    5 +++++
 test/misc/subchain-var.result                      |    9 +++++++++
 4 files changed, 15 insertions(+), 7 deletions(-)
 delete mode 100644 test/misc/subchain-substr.result
 rename test/misc/{subchain-substr.ferm => subchain-var.ferm} (73%)
 create mode 100644 test/misc/subchain-var.result

diff --git a/doc/ferm.pod b/doc/ferm.pod
index ba783b5..350fa9e 100644
--- a/doc/ferm.pod
+++ b/doc/ferm.pod
@@ -443,7 +443,7 @@ Optionally, you may define the name of the sub chain:
  }
 
 The name can either be a quoted string literal, or an expanded ferm
-expression such as @substr($var,0,20).
+expression such as @cat("interface_", $iface) or @substr($var,0,20).
 
 You can achieve the same by explicitly declaring a custom chain, but
 you may feel that using B<@subchain> requires less typing.
diff --git a/test/misc/subchain-substr.result b/test/misc/subchain-substr.result
deleted file mode 100644
index f68162b..0000000
--- a/test/misc/subchain-substr.result
+++ /dev/null
@@ -1,6 +0,0 @@
-iptables -t filter -N abcdefghijab
-iptables -t filter -N abcdefghij
-iptables -t filter -A abcdefghijab -p udp --dport domain -j ACCEPT
-iptables -t filter -A INPUT -p udp -j abcdefghijab
-iptables -t filter -A INPUT -p udp -j abcdefghij
-iptables -t filter -A abcdefghij -p udp --dport domain -j ACCEPT
diff --git a/test/misc/subchain-substr.ferm b/test/misc/subchain-var.ferm
similarity index 73%
rename from test/misc/subchain-substr.ferm
rename to test/misc/subchain-var.ferm
index 49b9c58..452db97 100644
--- a/test/misc/subchain-substr.ferm
+++ b/test/misc/subchain-var.ferm
@@ -10,3 +10,8 @@ domain ip table filter chain INPUT proto udp @subchain @substr($string20,0,$twel
 domain ip table filter chain INPUT proto udp @subchain @substr($string20,0, at length($string10)) {
     dport domain ACCEPT;
 }
+
+ at def $iface = "tap0";
+domain ip table filter chain INPUT proto udp @subchain @cat("interface_", $iface) {
+    dport domain ACCEPT;
+}
diff --git a/test/misc/subchain-var.result b/test/misc/subchain-var.result
new file mode 100644
index 0000000..b71ad27
--- /dev/null
+++ b/test/misc/subchain-var.result
@@ -0,0 +1,9 @@
+iptables -t filter -N abcdefghijab
+iptables -t filter -N interface_tap0
+iptables -t filter -N abcdefghij
+iptables -t filter -A abcdefghijab -p udp --dport domain -j ACCEPT
+iptables -t filter -A INPUT -p udp -j abcdefghijab
+iptables -t filter -A INPUT -p udp -j abcdefghij
+iptables -t filter -A INPUT -p udp -j interface_tap0
+iptables -t filter -A interface_tap0 -p udp --dport domain -j ACCEPT
+iptables -t filter -A abcdefghij -p udp --dport domain -j ACCEPT
-- 
1.7.2.5

More information about the Ferm mailing list