Package: ferm Version: 2.0.7-1 Severity: wishlist Tags: upstream, ipv6 Forwarded: Max Kellermann <[email protected]>
All of my hosts are IPv4 and IPv6 connected. Hence, every host has at least one address in each of the (ip ip6) domains. I'd really like to be able to think about a host as a single entity and thus would love to see the concept of "host objects" in ferm. In general, however, a host object needs not be more than a variable: @def $MYHOST = (77.109.139.85 2001:1620:2018:2::4d6d:8b55); Unfortunately, this does not work: daddr $MYHOST ACCEPT; causes the following rules to be created in both (ip ip6) domains: -A in-new --destination 77.109.139.85 --jump ACCEPT -A in-new --destination 2001:1620:2018:2::4d6d:8b55 --jump ACCEPT I am thinking that all that is needed is a simple domain-specific regexp to filter only the applicable addresses when expanding variable arrays in an address context. Unfortunately, I couldn't figure out where this is happening in 15 minutes of studying the code. -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.35-rc6-amd64 (SMP w/4 CPU cores) Locale: LANG=en_NZ, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages ferm depends on: ii debconf 1.5.33 Debian configuration management sy ii iptables 1.4.8-3 administration tools for packet fi ii lsb-base 3.2-23.1 Linux Standard Base 3.2 init scrip ii perl 5.10.1-13 Larry Wall's Practical Extraction Versions of packages ferm recommends: ii libnet-dns-perl 0.66-2 Perform DNS queries from a Perl sc ferm suggests no packages. -- Configuration Files: /etc/default/ferm changed [not included] /etc/ferm/ferm.conf changed [not included] -- debconf information excluded -- .''`. martin f. krafft <[email protected]> Related projects: : :' : proud Debian developer http://debiansystem.info `. `'` http://people.debian.org/~madduck http://vcs-pkg.org `- Debian - when you have better things to do than fixing systems
digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)
