[Ferm] Suggested Patch - Allow @cat to work with arrays

Jan Walzer jan.walzer at 1und1.de
Tue Sep 3 12:34:41 CEST 2013 

Hi Project,

I have built an framework around ferm 2.1 for our team to manage a lot of  
hosts with ferm.
When I started I used a lot of the @cat operator to build subchain-names.
Something like:

@def &AccessTCP($Dest,$Port) = {
     chain OUTPUT
         proto tcp
             dport $Port
         mod comment comment @cat("TAG_STATISTICS_AccessTCP", at cat($Port))
         @subchain @cat("AccessTCP_", at cat($Port)) {
             daddr $Dest jump ACCEPT mod comment comment  
"AccessTCP:$FILENAME:$LINE";
             }
         }

made it possible, to call with

@def $HOSTS=(172.19.112.0/24 172.19.113.0/24);
@def $PORTS=( 80 443 );

&AccessTCP( $HOSTS, $PORTS );

and reuse Definitions.
Of course. The Chain-Names and the Comments leaked perl-internal  
Array-Refs and they were not stable at all.

But it worked for the current usage.

With 2.2 all my rules get broken by commit  
85d9e19a7799e1d18f06a6c269551246457227ab because of the type-check.

Conceptually this is perfectly correct, because yes, Internal-Data  
shouldn't leak into the system.

Therefore I tried the following patch, which (of course), is only a  
quickhack:

diff --git a/src/ferm b/src/ferm
index 8e13440..13e96de 100755
--- a/src/ferm
+++ b/src/ferm
@@ -49,7 +49,7 @@ use vars qw($has_strict $has_getopt);
  use vars qw($VERSION);

  $VERSION = '2.2.1';
-$VERSION .= '~git';
+$VERSION .= '~git-jw';

  ## interface variables
  # %option = command line and other options
@@ -1253,8 +1253,9 @@ sub getvalues {
          } elsif ($token eq '@cat') {
              my $value = '';
              map {
-                error('String expected') if ref $_;
-                $value .= $_;
+               $value .= (ref $_)?
+                   join('_',@{$_}):
+                   $_;
              } get_function_params();
              return $value;
          } elsif ($token eq '@substr') {


Of course it would be better, to have a way to specify the "joiner"  
instead of heaving '_' hardcoded there.
But please, can we have some way of "joining an array of strings" back?

Thanks, Jan


--
Jan Walzer

IT-Landschafts - Gärtner
IT Operations Shared Applications

1&1 Internet AG | Brauerstraße 48 | 76135 Karlsruhe | Germany
Phone: +49 721 91374-3634
E-Mail: jan.walzer at 1und1.de | Web: www.1und1.de

Hauptsitz Montabaur, Amtsgericht Montabaur, HRB 6484

Vorstand: Ralph Dommermuth, Frank Einhellinger, Robert Hoffmann, Andreas  
Hofmann, Markus Huhn, Hans-Henning Kettler, Uwe Lamnek, Jan Oetjen,  
Christian Würst
Aufsichtsratsvorsitzender: Michael Scheeren

More information about the Ferm mailing list