domain eb ip match wrong rule #32

Closed
532910 opened this issue Mar 9, 2018 · 6 comments

532910 commented Mar 9, 2018

correct command:

ebtables -t broute -A BROUTING --protocol IPV4 --match ip --source <IP> --jump ACCEPT

in ferm form:

% cat test.conf
domain eb table broute chain BROUTING {
	 proto IPV4 mod ip source <IP> ACCEPT;
}
% /usr/sbin/ferm --shell --remote test.conf
...
ebtables -t broute -A BROUTING --protocol IPV4 --match ip --source <IP> --jump ACCEPT

# ebtables ...
Unknown argument: '--match

532910 commented Sep 6, 2018

Any update?

532910 commented Sep 6, 2018

The really correct command is:

ebtables -t broute -A BROUTING --protocol IPV4 --ip-source <IP> --jump ACCEPT

532910 commented Nov 4, 2018

@MaxKellermann: what's wrong with this issue, could you at least confirm it?

@MaxKellermann
Owner

Your ferm file is incorrect, and thus ferm renders incorrect rules. Shit in, shit out. This is what you're looking for:

domain eb table broute chain BROUTING {
  proto IPv4 ip-source IP ACCEPT;
}

532910 commented Nov 28, 2019

Is this due to Debian compilation flags or an outdated package? As I see, basic.ferm was last modified in 2011, so it's not a recent feature.

% /usr/sbin/ferm --remote test.conf
Error in test.conf line 4:
domain eb table broute chain BROUTING 
{ 
    proto IPV4 ip-source <--
Unrecognized keyword: ip-source

ferm 2.4 debian sid

532910 commented Nov 28, 2019

The error should be "wrong proto" rather than "Unrecognized keyword: ip-source", as it's due to IPV4; IPv4 is correct.
