Package: ferm
Version: 2.1-1
Severity: minor
Tags: patch

Dear Maintainer,

While iptables only supports setting the policy of builtin chains,
ebtables allows this for non-builtin chains as well.

I attached a patch implementing “-P <policy>” for non-builtin chains.

Regards,
Peter

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages ferm depends on:
ii  debconf   1.5.41
ii  iptables  1.4.12.2-1
ii  lsb-base  3.2-28.1
ii  perl      5.14.2-7

Versions of packages ferm recommends:
ii  libnet-dns-perl  0.66-2+b2

ferm suggests no packages.
From f39649a5acc82f8ac80f6fac6843c26a1483fa3d Mon Sep 17 00:00:00 2001
From: Peter Colberg <pe...@colberg.org>
Date: Sun, 23 Oct 2011 19:24:34 -0400
Subject: [PATCH 2/2] Support setting policy of non-builtin chains

This is only supported with ebtables
---
 src/ferm |   17 ++++++++++++-----
 1 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/src/ferm b/src/ferm
index fecdc83..0774d86 100755
--- a/src/ferm
+++ b/src/ferm
@@ -2382,11 +2382,18 @@ sub execute_slow($) {
 
         # create chains / set policy
         while (my ($chain, $chain_info) = each %{$table_info->{chains}}) {
-            if (exists $chain_info->{policy}) {
-                $status ||= execute_command("$table_cmd -P $chain $chain_info->{policy}")
-                  unless $chain_info->{policy} eq 'ACCEPT';
-            } elsif (not is_netfilter_builtin_chain($table, $chain)) {
-                $status ||= execute_command("$table_cmd -N $chain");
+            if (is_netfilter_builtin_chain($table, $chain)) {
+                if (exists $chain_info->{policy}) {
+                    $status ||= execute_command("$table_cmd -P $chain $chain_info->{policy}")
+                      unless $chain_info->{policy} eq 'ACCEPT';
+                }
+            } else {
+                if (exists $chain_info->{policy}) {
+                    $status ||= execute_command("$table_cmd -N $chain -P $chain_info->{policy}");
+                }
+                else {
+                    $status ||= execute_command("$table_cmd -N $chain");
+                }
             }
         }
 
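Review bot: The new else branch that runs `$table_cmd -N $chain -P $chain_info->{policy}` has no check that the domain is ebtables, although the commit message says this is only supported with ebtables. With any other `$table_cmd`, a non-builtin chain that carries a policy would now produce a combined `-N ... -P ...` command that the tool rejects, and the failure ends up in `$status`. Suggest guarding this branch on the domain and falling back to plain `-N $chain` otherwise, or rejecting the policy earlier with a clear error for non-ebtables domains. Separately, the builtin branch keeps the `unless $chain_info->{policy} eq 'ACCEPT'` skip while the new branch always passes the policy; a one-line comment stating whether that difference is intended would help the next reader.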
-- 
1.7.2.5
