diff options
| author | Daniil Baturin <daniil@baturin.org> | 2018-11-18 19:11:57 +0100 |
|---|---|---|
| committer | Daniil Baturin <daniil@baturin.org> | 2018-11-18 19:11:57 +0100 |
| commit | 152c7f8eefeea6d69b0b72ca1bb2e8345f66acd9 (patch) | |
| tree | 8a7168c4d0481d5f5d4881f32a9cee552fc1ba96 /lib | |
| parent | 8b2ffad3c7a6ae4c65097ee562bb55beff16035a (diff) | |
| download | vyatta-cfg-firewall-152c7f8eefeea6d69b0b72ca1bb2e8345f66acd9.tar.gz vyatta-cfg-firewall-152c7f8eefeea6d69b0b72ca1bb2e8345f66acd9.zip | |
T573: add support for matching IPv6 hop limit.
Patch by Ray Patrick Soucy.
Diffstat (limited to 'lib')
| -rwxr-xr-x | lib/Vyatta/IpTables/Rule.pm | 29 |
1 files changed, 27 insertions, 2 deletions
diff --git a/lib/Vyatta/IpTables/Rule.pm b/lib/Vyatta/IpTables/Rule.pm index 08772a1..5172011 100755 --- a/lib/Vyatta/IpTables/Rule.pm +++ b/lib/Vyatta/IpTables/Rule.pm @@ -59,7 +59,12 @@ my %fields = ( }, _disable => undef, _ip_version => undef, - _comment => undef + _comment => undef, + _hop_limit => { + _eq => undef, + _lt => undef, + _gt => undef, + } ); my %dummy_rule = ( @@ -112,7 +117,12 @@ my %dummy_rule = ( }, _disable => undef, _ip_version => undef, - _comment => undef + _comment => undef, + _hop_limit => { + _eq => undef, + _lt => undef, + _gt => undef, + } ); my $DEBUG = 'false'; @@ -206,6 +216,10 @@ sub setup_base { $self->{_disable} = $config->$exists_func("disable"); + $self->{_hop_limit}->{_eq} = $config->$val_func("hop-limit eq"); + $self->{_hop_limit}->{_lt} = $config->$val_func("hop-limit lt"); + $self->{_hop_limit}->{_gt} = $config->$val_func("hop-limit gt"); + # TODO: need $config->exists("$level source") in Vyatta::Config.pm $src->$addr_setup("$level source"); $dst->$addr_setup("$level destination"); @@ -255,6 +269,7 @@ sub print { print "mod table: $self->{_mod_table}\n" if defined $self->{_mod_table}; print "mod dscp: $self->{_mod_dscp}\n" if defined $self->{_mod_dscp}; print "mod tcp-mss: $self->{_mod_tcpmss}\n" if defined $self->{_mod_tcpmss}; + print "hop-limit: $self->{_hop_limit}\n" if defined $self->{_hop_limit}; $src->print(); $dst->print(); @@ -423,6 +438,16 @@ sub rule { } } + # Setup HL rule if configured + # + if ( defined($self->{_hop_limit}->{_eq}) ) { + $rule .= " -m hl --hl-eq $self->{_hop_limit}->{_eq}"; + } elsif ( defined($self->{_hop_limit}->{_lt}) ) { + $rule .= " -m hl --hl-lt $self->{_hop_limit}->{_lt}"; + } elsif ( defined($self->{_hop_limit}->{_gt}) ) { + $rule .= " -m hl --hl-gt $self->{_hop_limit}->{_gt}"; + } + # add the source and destination rules ($srcrule, $err_str) = $src->rule(); return ($err_str,) if (!defined($srcrule)); |