Your message dated Mon, 24 Oct 2016 12:41:53 +0200
with message-id <[email protected]>
and subject line Re: ferm: ipvs module support
has caused the Debian Bug report #748138,
regarding ferm: ipvs module support
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
748138: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748138
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ferm
Severity: wishlist
Tags: patch
hi,
attached is a patch to add ipvs module support to ferm. please apply :)
thanks,
bernd
--
Mit freundlichen Grüßen
Bernd Zeimetz
Systems Engineer
Debian Developer
conova communications GmbH
Web | http://www.conova.com/
E-Mail | [email protected]
Zentrale Salzburg
Karolingerstraße 36A
5020 Salzburg
Tel | +43 (0) 662 22 00 - 313
Fax | +43 (0) 662 22 00 - 209
Es gelten die Allgemeinen Geschäftsbedingungen der
conova communications GmbH, http://www.conova.com/de/agb/
>From cca7d552783ed7928508123afd59724e8e1c645a Mon Sep 17 00:00:00 2001
From: Bernd Zeimetz <[email protected]>
Date: Wed, 14 May 2014 19:32:47 +0200
Subject: [PATCH] Add support for the ipvs module.
---
doc/ferm.pod | 12 ++++++++++++
src/ferm | 1 +
2 files changed, 13 insertions(+)
diff --git a/doc/ferm.pod b/doc/ferm.pod
index ff4e4ee..3feec22 100644
--- a/doc/ferm.pod
+++ b/doc/ferm.pod
@@ -812,6 +812,18 @@ list with more than one of these).
There are more possible settings, type "iptables -m hashlimit -h" for
documentation.
+=item B<ipvs>
+
+Check the package length.
+
+ mod ipvs ipvs ACCEPT; # packet belongs to an IPVS connection
+ mod ipvs vproto tcp ACCEPT; # VIP protocol to match; by number or name, e.g. "tcp
+ mod ipvs vaddr 1.2.3.4/24 ACCEPT; # VIP address to match
+ mod ipvs vport http ACCEPT; # VIP port to match
+ mod ipvs vdir ORIGINAL ACCEPT; # flow direction of packet
+ mod ipvs vmethod GATE ACCEPT; # IPVS forwarding method used
+ mod ipvs vportctl 80; # VIP port of the controlling connection to match
+
=item B<length>
Check the package length.
diff --git a/src/ferm b/src/ferm
index a18fcdb..3ee520f 100755
--- a/src/ferm
+++ b/src/ferm
@@ -261,6 +261,7 @@ add_match_def 'hashlimit', qw(hashlimit=s hashlimit-burst=s hashlimit-mode=c has
add_match_def 'iprange', qw(!src-range !dst-range);
add_match_def 'ipv4options', qw(ssrr*0 lsrr*0 no-srr*0 !rr*0 !ts*0 !ra*0 !any-opt*0);
add_match_def 'ipv6header', qw(header!=c soft*0);
+add_match_def 'ipvs', qw(!ipvs*0 !vproto !vaddr !vport !vdir !vportctl);
add_match_def 'length', qw(length!);
add_match_def 'limit', qw(limit=s limit-burst=s);
add_match_def 'mac', qw(mac-source!);
--
2.0.0.rc2
smime.p7s
Description: S/MIME cryptographic signature
--- End Message ---
--- Begin Message ---
Version: 2.3-1
According to upstream's changelog, support for the ipvs module went into
Version 2.3, therefore I'm marking this as "done".
--- End Message ---
