[Ferm] ferm @if condition

Mon Jan 6 21:00:08 CET 2014

On 2014-01-06 11:42, Kiss Gabor (Bitman) wrote:
>> I'd like to get something like the following, where I can use the @if 
>> to only
>> be used as a conditional on the differences.
>> 
>> ======== Desired ========
>> @if @eq($DOMAIN, ip) {
>>   proto icmp @subchain "icmp"
>> }
>> @if @eq($DOMAIN, ip6) {
>>   proto ipv6-icmp @subchain "ipv6-icmp"
>> }
>> {
>>   icmp-type (
>>     # Common icmp type names
>>     echo-reply
>>     echo-request
>>     destination-unreachable
>>     time-exceeded
>> 
>>     @if @eq($DOMAIN, ip6) {
>>       # IPv6 ICMP specific additions
>>       packet-too-big
>>       router-advertisement
>>     }
>>     ) ACCEPT;
>>   }
>> }
>> ======== End Desired ========
> 
> This is my best offer:  :-)
> 
> @def $ICMP_COMMON = (echo-reply echo-request destination-unreachable
> time-exceeded);
> @def $ICMP_V6 = (packet-too-big router-advertisement);
> @def $ICMP_V4 = ();
> 
> proto icmp @subchain "icmp" {
>     ACCEPT icmp-type $ICMP_COMMON;
>     @if @eq($DOMAIN, ip) {
>         ACCEPT icmp-type $ICMP_V4;
>     }
>     @if @eq($DOMAIN, ip6) {
>         ACCEPT icmp-type $ICMP_V6;
>     }
> }
> 
> $ICMP_* vars introduced obly for readability.
> 
> Regards
> 
> Gabor

Thanks, that doesn't get what I'm after though. It tries to apply 
protocol icmp to the ip6 domain which is invalid, it must be ipv6-icmp 
(or icmpv6 as a shortcut). The issue is exactly that, how to specify 
multiple protocols with a shared inner block. I suppose it could be done 
using an include, but that seems overkill for a few line shared block.

Joel