authorDaniil Baturin <daniil@baturin.org>2018-11-18 19:11:57 +0100
committerDaniil Baturin <daniil@baturin.org>2018-11-18 19:11:57 +0100
commit152c7f8eefeea6d69b0b72ca1bb2e8345f66acd9 (patch)
tree8a7168c4d0481d5f5d4881f32a9cee552fc1ba96 /lib/Vyatta/IpTables/Rule.pm
parent8b2ffad3c7a6ae4c65097ee562bb55beff16035a (diff)
T573: add support for matching IPv6 hop limit.
Patch by Ray Patrick Soucy.
Diffstat (limited to 'lib/Vyatta/IpTables/Rule.pm')
-rwxr-xr-xlib/Vyatta/IpTables/Rule.pm29
1 files changed, 27 insertions, 2 deletions
diff --git a/lib/Vyatta/IpTables/Rule.pm b/lib/Vyatta/IpTables/Rule.pm
index 08772a1..5172011 100755
--- a/lib/Vyatta/IpTables/Rule.pm
+++ b/lib/Vyatta/IpTables/Rule.pm
@@ -59,7 +59,12 @@ my %fields = (
},
_disable => undef,
_ip_version => undef,
- _comment => undef
+ _comment => undef,
+ _hop_limit => {
+ _eq => undef,
+ _lt => undef,
+ _gt => undef,
+ }
);
my %dummy_rule = (
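Review bot: The new `_hop_limit` default in `%fields` (and the identical one added to `%dummy_rule` in the next hunk) is a single hash reference, so a constructor that copies the template shallowly would hand the same inner hash to every rule object; the constructor is outside this diff, so this needs confirming. If it does, the hop-limit values written in `setup_base` for one rule would be visible through every other live rule, and a firewall rule could be generated with another rule's match. Giving each object its own hash before the three assignments in `setup_base`, e.g. `$self->{_hop_limit} = {};`, avoids the sharing. The earlier nested entries in these tables, which end at the `},` context line, would follow the same pattern.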
@@ -112,7 +117,12 @@ my %dummy_rule = (
},
_disable => undef,
_ip_version => undef,
- _comment => undef
+ _comment => undef,
+ _hop_limit => {
+ _eq => undef,
+ _lt => undef,
+ _gt => undef,
+ }
);
my $DEBUG = 'false';
@@ -206,6 +216,10 @@ sub setup_base {
$self->{_disable} = $config->$exists_func("disable");
+ $self->{_hop_limit}->{_eq} = $config->$val_func("hop-limit eq");
+ $self->{_hop_limit}->{_lt} = $config->$val_func("hop-limit lt");
+ $self->{_hop_limit}->{_gt} = $config->$val_func("hop-limit gt");
+
# TODO: need $config->exists("$level source") in Vyatta::Config.pm
$src->$addr_setup("$level source");
$dst->$addr_setup("$level destination");
@@ -255,6 +269,7 @@ sub print {
print "mod table: $self->{_mod_table}\n" if defined $self->{_mod_table};
print "mod dscp: $self->{_mod_dscp}\n" if defined $self->{_mod_dscp};
print "mod tcp-mss: $self->{_mod_tcpmss}\n" if defined $self->{_mod_tcpmss};
+ print "hop-limit: $self->{_hop_limit}\n" if defined $self->{_hop_limit};
$src->print();
$dst->print();
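Review bot: The added line in `print` interpolates `$self->{_hop_limit}`, which is the hash reference declared in `%fields`, so the debug output shows `HASH(0x...)` rather than a value, and the `defined` guard is true even when no hop limit is configured. Print the individual keys instead, e.g. `print "hop-limit eq: $self->{_hop_limit}->{_eq}\n" if defined $self->{_hop_limit}->{_eq};` and the same for `_lt` and `_gt`. The body of `print` starts and ends outside the hunk.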
@@ -423,6 +438,16 @@ sub rule {
}
}
+ # Setup HL rule if configured
+ #
+ if ( defined($self->{_hop_limit}->{_eq}) ) {
+ $rule .= " -m hl --hl-eq $self->{_hop_limit}->{_eq}";
+ } elsif ( defined($self->{_hop_limit}->{_lt}) ) {
+ $rule .= " -m hl --hl-lt $self->{_hop_limit}->{_lt}";
+ } elsif ( defined($self->{_hop_limit}->{_gt}) ) {
+ $rule .= " -m hl --hl-gt $self->{_hop_limit}->{_gt}";
+ }
+
# add the source and destination rules
($srcrule, $err_str) = $src->rule();
return ($err_str,) if (!defined($srcrule));
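Review bot: The values appended after `--hl-eq`, `--hl-lt` and `--hl-gt` come straight from `$config->$val_func(...)` in `setup_base` and are placed in the rule string with no check in this module; if the configuration templates (not shown) do not already restrict them, a non-numeric value ends up in the generated iptables arguments. Validating the value as an integer in 0-255 here and returning an error through the existing `return ($err_str,)` convention keeps the generator safe regardless of the caller. Two further points: the `elsif` chain silently drops `lt`/`gt` when `eq` is also set, and `hl` is the IPv6 match, so the block should presumably be skipped or rejected when `_ip_version` indicates an IPv4 rule. `sub rule` begins and ends outside the hunk; the sketch below keeps the first-match-wins behaviour.

```perl
# Setup HL rule if configured; only the first of eq/lt/gt is used
for my $op (qw(eq lt gt)) {
    my $hl = $self->{_hop_limit}->{"_$op"};
    next if !defined $hl;
    # hop limit is an 8-bit field; reject anything else before it reaches the rule string
    return ("hop-limit $op must be an integer between 0 and 255",)
        if $hl !~ /\A[0-9]{1,3}\z/ || $hl > 255;
    $rule .= " -m hl --hl-$op $hl";
    last;
}
# … unchanged: source and destination rules …
```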