"Fossies" - the Fresh Open Source Software Archive

Member "ferm-2.6/test/misc/ipfilter.ferm" (30 Jan 2021, 871 Bytes) of package /linux/privat/ferm-2.6.tar.xz:



    # @ipfilter keeps only the addresses that match the current domain
    # (IPv4 for "ip", IPv6 for "ip6"), so one mixed list can serve both.
    @def $TRUSTED_HOSTS = (192.168.0.40 2001:abcd:ef::40);

    # call @ipfilter directly inside a rule
    domain (ip ip6) chain INPUT {
        saddr @ipfilter($TRUSTED_HOSTS) proto tcp dport ssh ACCEPT;
    }

    # do the @ipfilter invocation in a variable declaration
    @def $FILTERED_HOSTS = @ipfilter($TRUSTED_HOSTS);

    domain (ip ip6) chain OUTPUT {
        daddr $FILTERED_HOSTS proto tcp dport ssh ACCEPT;
    }

    # pass the @ipfilter result as a function argument
    @def &accept_range($srange) = {
        domain (ip ip6) chain INPUT {
            saddr $srange ACCEPT;
        }
    }
    &accept_range(@ipfilter($TRUSTED_HOSTS));

    # negation

    domain (ip ip6) chain FORWARD {
        daddr !$FILTERED_HOSTS DROP;
    }

    # also try @ipfilter as an "m" target; see issue #63 for a real-world example
    @def $NATTED_NETS = (192.168.0.0/24 2001:abcd:ef::/64);
    @def $SNAT_ADDR = (10.0.0.1 2001:efff::1);
    domain (ip ip6) chain INPUT {
        saddr @ipfilter($NATTED_NETS) outerface eth0 SNAT to-source @ipfilter($SNAT_ADDR);
    }