Package: ferm Severity: wishlist Tags: patch hi,
attached is a patch to add ipvs module support to ferm. please apply :) thanks, bernd -- Mit freundlichen Grüßen Bernd Zeimetz Systems Engineer Debian Developer conova communications GmbH Web | http://www.conova.com/ E-Mail | b.zeim...@conova.com Zentrale Salzburg Karolingerstraße 36A 5020 Salzburg Tel | +43 (0) 662 22 00 - 313 Fax | +43 (0) 662 22 00 - 209 Es gelten die Allgemeinen Geschäftsbedingungen der conova communications GmbH, http://www.conova.com/de/agb/
>From cca7d552783ed7928508123afd59724e8e1c645a Mon Sep 17 00:00:00 2001 From: Bernd Zeimetz <be...@bzed.de> Date: Wed, 14 May 2014 19:32:47 +0200 Subject: [PATCH] Add support for the ipvs module. --- doc/ferm.pod | 12 ++++++++++++ src/ferm | 1 + 2 files changed, 13 insertions(+) diff --git a/doc/ferm.pod b/doc/ferm.pod index ff4e4ee..3feec22 100644 --- a/doc/ferm.pod +++ b/doc/ferm.pod @@ -812,6 +812,18 @@ list with more than one of these). There are more possible settings, type "iptables -m hashlimit -h" for documentation. +=item B<ipvs> + +Check the package length. + + mod ipvs ipvs ACCEPT; # packet belongs to an IPVS connection + mod ipvs vproto tcp ACCEPT; # VIP protocol to match; by number or name, e.g. "tcp + mod ipvs vaddr 1.2.3.4/24 ACCEPT; # VIP address to match + mod ipvs vport http ACCEPT; # VIP port to match + mod ipvs vdir ORIGINAL ACCEPT; # flow direction of packet + mod ipvs vmethod GATE ACCEPT; # IPVS forwarding method used + mod ipvs vportctl 80; # VIP port of the controlling connection to match + =item B<length> Check the package length. diff --git a/src/ferm b/src/ferm index a18fcdb..3ee520f 100755 --- a/src/ferm +++ b/src/ferm @@ -261,6 +261,7 @@ add_match_def 'hashlimit', qw(hashlimit=s hashlimit-burst=s hashlimit-mode=c has add_match_def 'iprange', qw(!src-range !dst-range); add_match_def 'ipv4options', qw(ssrr*0 lsrr*0 no-srr*0 !rr*0 !ts*0 !ra*0 !any-opt*0); add_match_def 'ipv6header', qw(header!=c soft*0); +add_match_def 'ipvs', qw(!ipvs*0 !vproto !vaddr !vport !vdir !vportctl); add_match_def 'length', qw(length!); add_match_def 'limit', qw(limit=s limit-burst=s); add_match_def 'mac', qw(mac-source!); -- 2.0.0.rc2
smime.p7s
Description: S/MIME cryptographic signature