Martin,

On Mon, Aug 02, 2010 at 10:31:06AM +0200, martin f krafft wrote:
> All of my hosts are IPv4 and IPv6 connected. Hence, every host has
> at least one address in each of the (ip ip6) domains. I'd really
> like to be able to think about a host as a single entity and thus
> would love to see the concept of "host objects" in ferm.
>
> In general, however, a host object need not be more than
> a variable:
>
>   @def $MYHOST = (77.109.139.85 2001:1620:2018:2::4d6d:8b55);
>
> Unfortunately, this does not work:
>
>   daddr $MYHOST ACCEPT;
>
> causes the following rules to be created in both (ip ip6) domains:
>
>   -A in-new --destination 77.109.139.85 --jump ACCEPT
>   -A in-new --destination 2001:1620:2018:2::4d6d:8b55 --jump ACCEPT
>
> I am thinking that all that is needed is a simple domain-specific
> regexp to filter only the applicable addresses when expanding
> variable arrays in an address context.
>
> Unfortunately, I couldn't figure out where this is happening in 15
> minutes of studying the code.

I raised the same issue on the mailing list (unaware of your bug
report!), see the thread starting from:
http://foo-projects.org/pipermail/ferm/2011-July/000059.html

Max implemented *two* solutions to the problem that are now on ferm's
git. Have a look at the implementation there to see if that satisfies
your use case.

Regards,
Faidon
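
The per-domain filtering proposed in the quoted report, sketched as an added example that is not part of the original thread and is not ferm's code or either of the solutions mentioned above. The function names and the rule template are assumptions for illustration; addresses are classified by parsing rather than by regexp, and entries that cannot be classified are rejected instead of being emitted into both domains.

```python
import ipaddress

# Rule template modelled on the output lines quoted in the report (assumption).
RULE = "-A {chain} --destination {addr} --jump {target}"
FAMILY = {"ip": 4, "ip6": 6}  # ferm domain name -> IP version


def family_of(value):
    """Return 4 or 6 for an address or CIDR literal, None for anything else."""
    try:
        return ipaddress.ip_network(value, strict=False).version
    except ValueError:
        return None  # e.g. a hostname, whose family is unknown at this point


def expand_daddr(domain, chain, addrs, target):
    """Expand a mixed-family address list into rules for one domain only."""
    want = FAMILY[domain]
    rules = []
    for addr in addrs:
        fam = family_of(addr)
        if fam is None:
            # Fail closed: guessing would recreate the cross-family rules.
            raise ValueError(f"cannot classify {addr!r} as IPv4 or IPv6")
        if fam == want:
            rules.append(RULE.format(chain=chain, addr=addr, target=target))
    return rules


def expand_all(chain, addrs, target, domains=("ip", "ip6")):
    """Return ({domain: rules}, [domains that received no rule])."""
    out = {d: expand_daddr(d, chain, addrs, target) for d in domains}
    # A host object with no address in one family yields no rule there;
    # report it so a silently missing rule is caught when the ruleset is built.
    missing = [d for d in domains if not out[d]]
    return out, missing


if __name__ == "__main__":
    # The host object from the report.
    myhost = ["77.109.139.85", "2001:1620:2018:2::4d6d:8b55"]
    rules, missing = expand_all("in-new", myhost, "ACCEPT")
    for domain, lines in rules.items():
        print(f"# domain {domain}")
        print("\n".join(lines))
    print("domains without a rule:", missing)
```
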

