Package: ferm Version: 2.0.7-1 Severity: normal Tags: upstream ipv6
The ip6tables hashlimit modulule understands some more options, notably hashlimit-srcmask. Please extend the ferm parser. A simple patch is attached. Thank you. -- System Information: Debian Release: 6.0.5 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.4-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages ferm depends on: ii debconf 1.5.36.1 Debian configuration management sy ii iptables 1.4.8-3 administration tools for packet fi ii lsb-base 3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip ii perl 5.10.1-17squeeze3 Larry Wall's Practical Extraction Versions of packages ferm recommends: ii libnet-dns-perl 0.66-2 Perform DNS queries from a Perl sc ferm suggests no packages. -- Configuration Files: /etc/default/ferm changed: FAST=yes CACHE=yes OPTIONS= ENABLED=yes /etc/ferm/ferm.conf [Errno 13] Permission denied: u'/etc/ferm/ferm.conf' -- debconf information: * ferm/enable: true
--- /usr/sbin/ferm 2010-01-02 23:50:16.000000000 +0100 +++ /tmp/ferm 2012-07-02 22:56:47.024050871 +0200 @@ -245,7 +245,8 @@ add_match_def 'hl', qw(hl-eq! hl-lt=s hl-gt=s); add_match_def 'hashlimit', qw(hashlimit=s hashlimit-burst=s hashlimit-mode=s hashlimit-name=s), qw(hashlimit-htable-size=s hashlimit-htable-max=s), - qw(hashlimit-htable-expire=s hashlimit-htable-gcinterval=s); + qw(hashlimit-htable-expire=s hashlimit-htable-gcinterval=s), + qw(hashlimit-srcmask=s hashlimit-dstmask=s); add_match_def 'iprange', qw(!src-range !dst-range); add_match_def 'ipv4options', qw(ssrr*0 lsrr*0 no-srr*0 !rr*0 !ts*0 !ra*0 !any-opt*0); add_match_def 'ipv6header', qw(header!=c soft*0);