Package: ferm
Severity: wishlist
Tags: patch

hi,

attached is a patch to add ipvs module support to ferm. please apply :)

thanks,

bernd


--
Kind regards


Bernd Zeimetz
Systems Engineer
Debian Developer

conova communications GmbH
Web    | http://www.conova.com/
E-Mail | b.zeim...@conova.com

Salzburg headquarters
Karolingerstraße 36A
5020 Salzburg

Tel | +43 (0) 662 22 00 - 313
Fax | +43 (0) 662 22 00 - 209

The general terms and conditions of
conova communications GmbH apply, http://www.conova.com/de/agb/

>From cca7d552783ed7928508123afd59724e8e1c645a Mon Sep 17 00:00:00 2001
From: Bernd Zeimetz <be...@bzed.de>
Date: Wed, 14 May 2014 19:32:47 +0200
Subject: [PATCH] Add support for the ipvs module.

---
 doc/ferm.pod | 12 ++++++++++++
 src/ferm     |  1 +
 2 files changed, 13 insertions(+)

diff --git a/doc/ferm.pod b/doc/ferm.pod
index ff4e4ee..3feec22 100644
--- a/doc/ferm.pod
+++ b/doc/ferm.pod
@@ -812,6 +812,18 @@ list with more than one of these).
 There are more possible settings, type "iptables -m hashlimit -h" for
 documentation.
 
+=item B<ipvs>
+
+Check the package length.
+
+    mod ipvs ipvs ACCEPT; # packet belongs to an IPVS connection
+    mod ipvs vproto tcp ACCEPT; # VIP protocol to match; by number or name, e.g. "tcp
+    mod ipvs vaddr 1.2.3.4/24 ACCEPT; # VIP address to match
+    mod ipvs vport http ACCEPT; # VIP port to match
+    mod ipvs vdir ORIGINAL ACCEPT; # flow direction of packet
+    mod ipvs vmethod GATE ACCEPT; # IPVS forwarding method used
+    mod ipvs vportctl 80; # VIP port of the controlling connection to match
+
 =item B<length>
 
 Check the package length.
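
Review bot: The description under the new =item B<ipvs> reads "Check the package length.", which is the text of the B<length> item that follows and does not describe this match; replace it with a sentence saying the module matches properties of IPVS connections. In the same hunk, the comment on the vproto example opens a quote at "tcp that is never closed, and the vportctl example is the only one without a target, so add ACCEPT there or note why it is omitted.
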
diff --git a/src/ferm b/src/ferm
index a18fcdb..3ee520f 100755
--- a/src/ferm
+++ b/src/ferm
@@ -261,6 +261,7 @@ add_match_def 'hashlimit', qw(hashlimit=s hashlimit-burst=s hashlimit-mode=c has
 add_match_def 'iprange', qw(!src-range !dst-range);
 add_match_def 'ipv4options', qw(ssrr*0 lsrr*0 no-srr*0 !rr*0 !ts*0 !ra*0 !any-opt*0);
 add_match_def 'ipv6header', qw(header!=c soft*0);
+add_match_def 'ipvs', qw(!ipvs*0 !vproto !vaddr !vport !vdir !vportctl);
 add_match_def 'length', qw(length!);
 add_match_def 'limit', qw(limit=s limit-burst=s);
 add_match_def 'mac', qw(mac-source!);
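
Review bot: The qw() list on the added add_match_def 'ipvs' line has no vmethod entry, while the doc/ferm.pod hunk of this same patch documents "mod ipvs vmethod GATE ACCEPT;". Add !vmethod to the list (or drop that example from the documentation) so the documented keywords and the accepted ones agree.
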
-- 
2.0.0.rc2

