[Ferm] Automatic variables not working as expected
Jari Eskelinen
jari.eskelinen at iki.fi
Sun Jun 5 13:46:54 CEST 2011
Hi everybody,
Just found ferm and what a great piece of software it is! I have been
translating my long and hard-to-read iptables scripts to a ferm
configuration file utilizing includes and conditions. However, I found
a slight problem; I don't know if it's a bug in ferm (2.0.9) or a glitch
in the documentation, but here's an example:
****************************************************************************
domain (ip ip6) {
    table filter {
        chain INPUT {
            policy ACCEPT;
            @if @eq($DOMAIN, ip) @include 'icmp.ferm';
            @if @eq($DOMAIN, ip6) @include 'icmpv6.ferm';
        }
        chain OUTPUT {
            policy ACCEPT;
        }
        chain FORWARD {
            policy ACCEPT;
        }
    }
}
****************************************************************************
I am trying to create both IPv4 and IPv6 rules within one domain block
as my rules are pretty much identical for both. However, ICMP and ICMPv6
rules must differ as type codes are not compatible.
The example above does not work though. Neither icmp.ferm nor icmpv6.ferm
will be included. It seems that the automatic variable $DOMAIN does contain
the array (ip ip6), NOT the current domain. Clip from the manual:
$DOMAIN
The current domain. One of ip, ip6, arp, eb.
In my opinion either the manual or ferm needs to be corrected. What do you
think?
Thank you!
Best wishes,
Jari Eskelinen