"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "test/misc/ipfilter.ferm" between
ferm-2.5.1.tar.xz and ferm-2.6.tar.xz

About: ferm is a tool to maintain and set up complicated firewall rules.

ipfilter.ferm  (ferm-2.5.1.tar.xz):ipfilter.ferm  (ferm-2.6.tar.xz)
@def $TRUSTED_HOSTS = (192.168.0.40 2001:abcd:ef::40); @def $TRUSTED_HOSTS = (192.168.0.40 2001:abcd:ef::40);
domain (ip ip6) chain INPUT { domain (ip ip6) chain INPUT {
saddr @ipfilter($TRUSTED_HOSTS) proto tcp dport ssh ACCEPT; saddr @ipfilter($TRUSTED_HOSTS) proto tcp dport ssh ACCEPT;
} }
# do the @ipfilter invocation in a variable declaration
@def $FILTERED_HOSTS = @ipfilter($TRUSTED_HOSTS);
domain (ip ip6) chain OUTPUT {
daddr $FILTERED_HOSTS proto tcp dport ssh ACCEPT;
}
@def &accept_range($srange) = { @def &accept_range($srange) = {
domain (ip ip6) chain INPUT { domain (ip ip6) chain INPUT {
saddr $srange ACCEPT; saddr $srange ACCEPT;
} }
} }
&accept_range(@ipfilter($TRUSTED_HOSTS)); &accept_range(@ipfilter($TRUSTED_HOSTS));
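Review bot: the comment above `@def $FILTERED_HOSTS = @ipfilter($TRUSTED_HOSTS);` says where @ipfilter is invoked but not what this case is meant to prove. The definition sits at file scope, outside any `domain` block, and is only expanded later inside `domain (ip ip6) chain OUTPUT`, so please state the expected result in the comment (each family's rule carrying only its own address from `$TRUSTED_HOSTS`). The same file-scope variable is also reused by the later `daddr !$FILTERED_HOSTS DROP;` case, which couples the two cases; a separate definition per case would keep them independent.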
# negation
domain (ip ip6) chain FORWARD {
daddr !$FILTERED_HOSTS DROP;
}
# also try @ipfilter as an "m" target; see issue #63 for a real-world example
@def $NATTED_NETS = (192.168.0.0/24 2001:abcd:ef::/64);
@def $SNAT_ADDR = (10.0.0.1 2001:efff::1);
domain (ip ip6) chain INPUT {
saddr @ipfilter($NATTED_NETS) outerface eth0 SNAT to-source @ipfilter($SNAT_
ADDR);
}
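Review bot: the negation case at `daddr !$FILTERED_HOSTS DROP;` only exercises a list that leaves exactly one address per family, since `$TRUSTED_HOSTS` holds one IPv4 and one IPv6 entry. For a DROP rule the boundaries that matter are a family with no matching address and a family with several; add a case for each, or a comment saying they are out of scope, so the generated output for a negated empty or multi-valued match is pinned down by the test instead of left implicit.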
 End of changes. 2 change blocks. 
0 lines changed or deleted 7 lines changed or added
