[Ferm] ipset
Kiss Gabor (Bitman)
kissg at ssg.ki.iif.hu
Mon Dec 16 06:38:45 CET 2013
> > > Is there any plan of integrating ipset (http://ipset.netfilter.org)
> > > into ferm in the foreseeable future?
> >
> > It was already integrated 6 years ago (commit 9293fe41), and can be
> > loaded with "mod set". What else do you need?
>
> Eeerrrr... a pair of new glasses?
After all I need a simple way to add networks statically to sets.
I mean this is too complicated:
##trustforwards ipset hash generation/handling.
@hook pre 'ipset -exist create trustforward hash:net';
@hook pre 'ipset flush trustforward ; echo "192.168.122.0/24 192.168.1.0/24 192.168.0.0/24 10.0.0.0/24 10.0.3.0/24 172.20.55.65/32 172.20.55.130/32 172.21.10.108/32 172.20.55.204/32 172.20.55.179/32" | xargs -d" " -P4 -I{} echo "add trustforward {}" | ipset - 1>/dev/null';
@hook flush 'ipset flush trustforward';
(Source: http://pastebin.com/PjrerVXP)
Something similar would be more handy:
@def $NET1 = ( # This variable may be used several times (as usual)
192.168.122.0/24 # Alice
192.168.1.0/24 # Bob
192.168.0.0/24 # Carol
10.0.0.0/24 # Chuck
10.0.3.0/24 # Craig
172.20.55.65/32 # Dan
172.20.55.130/32 # Erin
172.21.10.108/32 # Eve
172.20.55.204/32 # Frank
172.20.55.179/32 # Mallory
);
IPSET hash:net trustforward $NET1;
What is this called? Syntactic sugar? :-)
Regards
Gabor
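
Added example, not part of the original message and not ferm code: until ferm has syntax like the one proposed above, a helper script can turn a commented network list into input for `ipset -exist restore`, validating every entry and filling a scratch set that is swapped in atomically. The function names and the "-new" scratch-set suffix are assumptions.

```shell
# valid_cidr4 NET: succeed only for a well-formed IPv4 network. The prefix
# must be 1-32 because hash:net does not accept /0.
valid_cidr4() {
    case $1 in
        */*) addr=${1%/*} len=${1##*/} ;;
        *)   addr=$1 len=32 ;;
    esac
    case $len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -ge 1 ] && [ "$len" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -f; set -- $addr; set +f; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# ipset_restore_input SET: read "NET  # comment" lines on stdin and print
# restore commands. Nothing is printed if any entry is malformed.
ipset_restore_input() {
    set_name=$1 tmp_name=$1-new adds=
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                  # drop the trailing comment
        set -f; set -- $line; set +f      # split on whitespace, no globbing
        [ $# -eq 0 ] && continue          # blank or comment-only line
        if [ $# -ne 1 ] || ! valid_cidr4 "$1"; then
            echo "rejected entry: $line" >&2
            return 1
        fi
        adds="$adds
add $tmp_name $1"
    done
    # Fill a scratch set, then swap: the live set is never seen half-loaded.
    printf 'create %s hash:net\ncreate %s hash:net\nflush %s%s\nswap %s %s\ndestroy %s\n' \
        "$set_name" "$tmp_name" "$tmp_name" "$adds" "$tmp_name" "$set_name" "$tmp_name"
}

# Constructed sample input, using the first entries of the list in the post.
sample_networks() {
    cat <<'EOF'
# trusted forwarders
192.168.122.0/24   # Alice
192.168.1.0/24     # Bob
172.20.55.65/32    # Dan
EOF
}
sample_networks | ipset_restore_input trustforward
```

From ferm this could be run from a single `@hook pre`, with the list kept in a file and the output piped to `ipset -exist restore`.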