| commit | d10de6c2d7cd526389a012a82e00b725f90e9325 | |
| author | Damyan Ivanov <dmn@debian.org> | |
| Fri, 3 Apr 2009 05:16:04 +0000 (3 07:16 +0200) | ||
| committer | Max Kellermann <max@duempel.org> | |
| Fri, 3 Apr 2009 05:16:04 +0000 (3 07:16 +0200) | ||
| tree | d96775692431297b094b9823d6c5b2ebcb5709ff | treesnapshot (tar.gz zip) |
| parent | 3b525dd798a5e3370e5e3a0935cd25b4a8412868 | commitdiff |
support negation in mark/connmark
The following works OK in iptables
iptables -t mangle -A PREROUTING -m connmark \! --mark 0 \
-j CONNMARK --restore-mark
but the corresponding ferm snippet doesn't:
table mangle chain PREROUTING mod connmark
!mark 0 CONNMARK restore-mark;
trying to feed that into ferm gives:
$ sudo /usr/sbin/ferm --lines --noexec test.ferm
Error in test.ferm line 1:
table mangle chain PREROUTING mod connmark ! mark 0 <--
Doesn't support negation: mark
Applying the following trivial patch to connmark definition allows
negation of the mark parameter.
The following works OK in iptables
iptables -t mangle -A PREROUTING -m connmark \! --mark 0 \
-j CONNMARK --restore-mark
but the corresponding ferm snippet doesn't:
table mangle chain PREROUTING mod connmark
!mark 0 CONNMARK restore-mark;
trying to feed that into ferm gives:
$ sudo /usr/sbin/ferm --lines --noexec test.ferm
Error in test.ferm line 1:
table mangle chain PREROUTING mod connmark ! mark 0 <--
Doesn't support negation: mark
Applying the following trivial patch to connmark definition allows
negation of the mark parameter.
| NEWS | diffblobblamehistory | |
| src/ferm | diffblobblamehistory |