Package: filtergen
Severity: wishlist
Tags: patch

The attached patch allows a literal '*' to be used as an interface name in an input/output statement to mean "all interfaces", and modifies the iptables backend to handle it appropriately (don't set -i/-o on the associated rules).

The use cases for this should be fairly obvious.

- Matt
--- filtergen-0.12.4.orig/fg-iptables.c 2009-10-01 17:04:30.000000000 +1000 +++ filtergen-0.12.4.all_interfaces/fg-iptables.c 2009-10-01 17:03:26.000000000 +1000 @@ -123,9 +123,11 @@ APPS(rule, "!"); APPS(rule_r, "!"); } - APPSS2(natrule, "-i", ent->iface); - APPSS2(rule, "-i", ent->iface); - APPSS2(rule_r, "-o", ent->iface); + if (strcmp(ent->iface, "*")) { + APPSS2(natrule, "-i", ent->iface); + APPSS2(rule, "-i", ent->iface); + APPSS2(rule_r, "-o", ent->iface); + } } break; case OUTPUT: @@ -140,9 +142,11 @@ APPS(rule, "!"); APPS(rule_r, "!"); } - APPSS2(natrule, "-o", ent->iface); - APPSS2(rule, "-o", ent->iface); - APPSS2(rule_r, "-i", ent->iface); + if (strcmp(ent->iface, "*")) { + APPSS2(natrule, "-o", ent->iface); + APPSS2(rule, "-o", ent->iface); + APPSS2(rule_r, "-i", ent->iface); + } } break; default: fprintf(stderr, "unknown direction\n"); abort(); --- filtergen-0.12.4.orig/filter_syntax.5 2004-06-09 22:48:41.000000000 +1000 +++ filtergen-0.12.4.all_interfaces/filter_syntax.5 2009-10-01 16:48:00.000000000 +1000 @@ -45,6 +45,9 @@ Linux are "eth0", "eth1", ..., "ppp0", etc. Other systems will have different naming rules. +If you want to match all interfaces, you can specify "*" (without the +quotes). + .SS TARGET A \fItarget\fR notes what we do with a matching packet. Universal options are \fIaccept\fR and \fIdrop\fR which, respectively, state --- filtergen-0.12.4.orig/parser.y 2004-05-15 13:26:48.000000000 +1000 +++ filtergen-0.12.4.all_interfaces/parser.y 2009-10-01 16:54:11.000000000 +1000 @@ -123,6 +123,7 @@ %token TOK_ERR %token TOK_BANG %token TOK_COLON +%token TOK_SPLAT %{ int yyprint(FILE * f, int t, YYSTYPE v); %} 
@@ -258,6 +259,13 @@ { $$ = $2; } + | TOK_SPLAT + { + $$ = malloc(sizeof(struct direction_argument_list_s)); + $$->list = NULL; + $$->arg = malloc(sizeof(struct direction_argument_s)); + $$->arg->direction = strdup("*"); + } ; direction_argument_list_: /* empty */ --- filtergen-0.12.4.orig/scanner.l 2009-10-01 17:04:30.000000000 +1000 +++ filtergen-0.12.4.all_interfaces/scanner.l 2009-10-01 16:41:53.000000000 +1000 @@ -111,6 +111,7 @@ ";" return TOK_SEMICOLON; ":" return TOK_COLON; "!" return TOK_BANG; +"*" return TOK_SPLAT; {id}(\.{id})* { yylval.u_str = strndup(yytext, yyleng);
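Review bot: in the INPUT hunk of fg-iptables.c (@@ -123,9 +123,11 @@), the new strcmp guard is placed after the block that appends "!" to rule and rule_r, so if a negated "*" can reach this code the output gets a bare "!" with no -i/-o after it. Either move the "!" handling inside the same if, or have the parser reject negation of "*" with an error. The OUTPUT hunk has the same shape and needs the same treatment.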
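Review bot: the OUTPUT hunk of fg-iptables.c (@@ -140,9 +142,11 @@) repeats the bare test if (strcmp(ent->iface, "*")), which reads as "if equal" at a glance; write it as strcmp(ent->iface, "*") != 0 or put it in a small helper shared with the INPUT case, so the "*" sentinel that parser.y builds with strdup("*") is spelled in one place. This patch changes only fg-iptables.c, so any other backend would be handed "*" as a literal interface name; those should either get the same check or fail with a clear error.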
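Review bot: the filter_syntax.5 paragraph added at @@ -45,6 +45,9 @@ is missing the consequences of the wildcard. Because the iptables backend emits no -i/-o for "*", the resulting rule matches traffic on every interface, loopback included, and the man page should say so. It should also state whether "*" may be negated or mixed with named interfaces in a list, since the grammar change adds it only as a standalone alternative.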
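Review bot: in the parser.y action added at @@ -258,6 +259,13 @@, neither malloc() result nor the strdup("*") result is checked before use, so an allocation failure dereferences NULL at $$->list or $$->arg->direction. Check each return value and bail out through the parser's error path. Only list, arg and direction are assigned here; if struct direction_argument_s or struct direction_argument_list_s has other members they are left uninitialised, so calloc() would be the safer allocator.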