[Ferm] one target for multiple rules
Max Kellermann
max at duempel.org
Fri Mar 4 09:15:51 CET 2011
On 2011/02/27 10:07, Marc Haber <mh+ferm at zugschlus.de> wrote:
> Would it be awfully hard to implement to allow one target to be
> written for a list of rules, such as:
>
> saddr $source_list @subchain {
> {
> daddr $target1 proto tcp dport (list1t);
> daddr $target1 proto udp dport (list1u);
> daddr $target2 proto tcp dport (list2t);
> daddr $target2 proto udp dport (list2u);
> } ACCEPT;
Each rule within the curly braces is finalized, and generated into an
iptables rule (which is an error here, because there is no target -
not even "NOP" to override and tell ferm that you really don't want a
target).
A closing curly brace does not need to be finalized with a semicolon,
so the "ACCEPT" is a new rule on its own.
If you need general specifies, you need to write it before the curly
braces, that works around the ferm syntax limitation:
ACCEPT {
daddr $target1 proto tcp dport (list1t);
daddr $target1 proto udp dport (list1u);
daddr $target2 proto tcp dport (list2t);
daddr $target2 proto udp dport (list2u);
}
More information about the Ferm
mailing list