On 01/03/2013 07:55 AM, Tom Eastep wrote: > On 01/02/2013 05:47 PM, Mr Dash Four wrote: >> >>> I checked out arptables on Fedora. The package is arptables_jf; the >>> synopsis says that: >>> >>> Arptables_jf is a fork of arptables from >>> ebtables.sourceforge.net written by Jay Fenlason. >>> >>> So apparently, Jay decided that the etables team has been neglecting his >>> baby and has decided to take it back. >> Don't know who he is (as if I would care, though - there are a lot of >> self-inflated egos in that circle who think they are the next >> Ein-bloody-stein), but if he decided to fork it on his own, that's >> always a bad sign, so stay well-clear indeed. I also just noticed the >> version of arptables_jf (as distributed by Fedora) - 0.0.8 - that >> doesn't fill me with much confidence. No wonder I couldn't get a lot of >> the stuff to work "as advertised" - as my last few posts on the subject >> will testify.
I notice that he has an @redhat email address so I assume that he works
there.
> So I guess that I will go ahead and add support for both flavors of
> arptables.
arptables-restore in arptables_jf is broken to the point of uselessness
with respect to --arpop (output folded to fit in email).
Input file:
cat /var/lib/shorewall/.arptables-input
*filter
:IN ACCEPT
:OUT ACCEPT
:FORWARD ACCEPT
-A OUT -o p3p1 -d 10.1.10.0/24 --arpop Request -j mangle --mangle-ip-s
10.1.10.11
COMMIT
[root@sami shorewall]#
Output:
[root@sami shorewall]# arptables-save
# Generated by arptables-save v0.0.8 on Thu Jan 3 12:38:54 2013
*filter
:IN ACCEPT [1:28]
:OUT ACCEPT [1:28]
:FORWARD ACCEPT [0:0]
-A OUT -d 10.1.10.0/255.255.255.0 -p 0100/ffff -o p3p1 -j mangle \
---------
--mangle-ip-s 10.1.10.11
COMMIT
# Completed on Thu Jan 3 12:38:54 2013
[root@sami shorewall]#
Then:
[root@sami shorewall]# arptables-save | arptables-restore
[root@sami shorewall]# arptables-save
# Generated by arptables-save v0.0.8 on Thu Jan 3 12:40:08 2013
*filter
:IN ACCEPT [0:0]
:OUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A OUT -d 10.1.10.0/255.255.255.0 -p 0001/ffff -o p3p1 -j mangle \
---------
--mangle-ip-s 10.1.10.11
COMMIT
# Completed on Thu Jan 3 12:40:08 2013
[root@sami shorewall]#
Looks to me like an endian problem.
I've added a vile hack to work around it until it's fixed.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. ON SALE this month only -- learn more at: http://p.sf.net/sfu/learnmore_122712
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
