[Ferm] [PATCH] Add negation to pkt-type.
Omen Wild
omen at mandarb.com
Tue Mar 15 00:39:19 CET 2011
Add the negation flag to the module pkttype, pkt-type argument.
Also add a test to verify it works.
---
src/ferm | 2 +-
test/modules/pkttype.ferm | 1 +
test/modules/pkttype.result | 1 +
3 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/src/ferm b/src/ferm
index 8cf83a8..48aa32a 100755
--- a/src/ferm
+++ b/src/ferm
@@ -261,7 +261,7 @@ add_match_def 'owner', qw(!uid-owner !gid-owner pid-owner sid-owner),
qw(cmd-owner !socket-exists=0);
add_match_def 'physdev', qw(physdev-in! physdev-out!),
qw(!physdev-is-in*0 !physdev-is-out*0 !physdev-is-bridged*0);
-add_match_def 'pkttype', qw(pkt-type),
+add_match_def 'pkttype', qw(pkt-type!),
add_match_def 'policy',
qw(dir pol strict*0 !reqid !spi !proto !mode !tunnel-src !tunnel-dst next*0);
add_match_def 'psd', qw(psd-weight-threshold psd-delay-threshold),
diff --git a/test/modules/pkttype.ferm b/test/modules/pkttype.ferm
index 3f95ae7..8f13a6a 100644
--- a/test/modules/pkttype.ferm
+++ b/test/modules/pkttype.ferm
@@ -1,3 +1,4 @@
table filter chain INPUT mod pkttype {
pkt-type unicast ACCEPT;
+ pkt-type ! unicast ACCEPT;
}
diff --git a/test/modules/pkttype.result b/test/modules/pkttype.result
index 71e308e..2755398 100644
--- a/test/modules/pkttype.result
+++ b/test/modules/pkttype.result
@@ -1 +1,2 @@
iptables -t filter -A INPUT -m pkttype --pkt-type unicast -j ACCEPT
+iptables -t filter -A INPUT -m pkttype ! --pkt-type unicast -j ACCEPT
--
1.7.4.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4538 bytes
Desc: not available
URL: <http://foo-projects.org/pipermail/ferm/attachments/20110314/fdad2136/attachment.bin>
More information about the Ferm
mailing list