tags #550854 patch upstream thanks I have submitted the attached patches upstream
-- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
>From 2814ccb56dcb211ff3372113a7951bd2b109613e Mon Sep 17 00:00:00 2001
From: Marc Haber <[email protected]>
Date: Thu, 10 Feb 2011 21:55:37 +0100
Subject: [PATCH 1/4] add substr and length function
---
 src/ferm | 8 ++++++++
 1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/src/ferm b/src/ferm
index 4a2736b..fa2defa 100755
--- a/src/ferm
+++ b/src/ferm
@@ -1111,6 +1111,14 @@ sub getvalues {
 my @params = get_function_params();
 error('Usage: @eq(a, b)') unless @params == 1;
 return format_bool(not $params[0]);
+ } elsif ($token eq '@substr') {
+ my @params = get_function_params();
+ error('Usage: @substr(string, num, num)') unless @params == 3;
+ return substr($params[0],$params[1],$params[2]);
+ } elsif ($token eq '@length') {
+ my @params = get_function_params();
+ error('Usage: @length(string)') unless @params == 1;
+ return length($params[0]);
 } else {
 error("unknown ferm built-in function");
 }
-- 
1.7.2.3
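Review bot: The new `@substr` branch hands `$params[1]` and `$params[2]` straight to Perl's `substr` without checking that they are integers or that the offset lies inside the string. With an out-of-range offset `substr` returns undef and only warns, and that value would then flow back into whatever rule is being built, which is an awkward failure mode for a firewall generator. I would reject bad input up front, e.g. `error('@substr: offset and length must be integers') unless $params[1] =~ /^-?\d+$/ and $params[2] =~ /^-?\d+$/;`, and call `error()` when the result is undefined. Neither new branch checks that its first argument is a plain string rather than a list value; whether `get_function_params` can return one is not visible here. The body of getvalues starts and ends outside the hunk.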
>From 5d7d9bdd55389a31df84fbba7b09d5f6e05fb63c Mon Sep 17 00:00:00 2001
From: Marc Haber <[email protected]>
Date: Thu, 10 Feb 2011 21:56:20 +0100
Subject: [PATCH 2/4] allow expanded strings as subchain name
---
 src/ferm | 16 ++++++++++++----
 1 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/src/ferm b/src/ferm
index fa2defa..c87d47b 100755
--- a/src/ferm
+++ b/src/ferm
@@ -1973,14 +1973,22 @@ sub enter($$) {
 unless $rule{has_rule};
 my $subchain;
- $keyword = next_token();
+ my $token = peek_token();
- if ($keyword =~ /^(["'])(.*)\1$/s) {
+ if ($token =~ /^(["'])(.*)\1$/s) {
+ print "quote\n",
 $subchain = $2;
+ next_token();
 $keyword = next_token();
- } else {
+ } elsif ($token eq '{') {
+ print "brace\n",
+ next_token();
 $subchain = 'ferm_auto_' . ++$auto_chain;
- }
+ } else {
+ print "else\n",
+ $subchain = getvar();
+ $keyword = next_token();
+ }
 foreach my $domain (to_array $rule{domain}) {
 foreach my $table (to_array $rule{table}) {
-- 
1.7.2.3
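Review bot: The three added `print "quote\n",`, `print "brace\n",` and `print "else\n",` lines look like leftover debugging, and each ends in a comma, so the statement after it becomes an argument of `print`: the assignment or `next_token()` call still runs, but its value is also written to STDOUT. If ferm emits its generated rules on STDOUT in some modes (not visible in this hunk), these stray lines would be mixed into the firewall output; they should be removed so the branches read `$subchain = $2;`, `next_token();` and `$subchain = getvar();`. In the `{` branch `$keyword` is no longer assigned, where the old code always set it from `next_token()`, so confirm that the code after the hunk does not still test `$keyword`. The value returned by `getvar()` is used as a chain name unchecked; an `error()` unless it is a single non-empty string without whitespace would keep a bad expansion out of the generated rules. The body of enter starts and ends outside the hunk.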
>From 22dedb59fd29351047a261cd251b9baeb78334ff Mon Sep 17 00:00:00 2001 From: Marc Haber <[email protected]> Date: Thu, 10 Feb 2011 22:00:03 +0100 Subject: [PATCH 3/4] docs for length and substr --- doc/ferm.pod | 10 ++++++++++ 1 files changed, 10 insertions(+), 0 deletions(-) diff --git a/doc/ferm.pod b/doc/ferm.pod index 9660a96..de13609 100644 --- a/doc/ferm.pod +++ b/doc/ferm.pod @@ -1637,6 +1637,16 @@ Be careful with resolved host names in firewall configuration. DNS requests may block the firewall configuration for a long time, leaving the machine vulnerable, or they may fail. +=head2 @substr(expression, offset, length) + +Extracts a substring out of expression and returns it. First +character is at offset 0. If OFFSET is negative, starts that far from +the end of the string. + +=head2 @length(expression) + +Returns the length in characters of the value of EXPR. + =head1 RECIPES The F<./examples/> directory contains numerous ferm configuration -- 1.7.2.3
>From b1658f945c7e0f9fcdd59aaa00495e0f7860896d Mon Sep 17 00:00:00 2001 From: Marc Haber <[email protected]> Date: Thu, 10 Feb 2011 22:01:01 +0100 Subject: [PATCH 4/4] add docs for expanded subchain names --- doc/ferm.pod | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/doc/ferm.pod b/doc/ferm.pod index de13609..ec156d3 100644 --- a/doc/ferm.pod +++ b/doc/ferm.pod @@ -442,6 +442,9 @@ Optionally, you may define the name of the sub chain: proto udp dport domain ACCEPT; } +The name can either be a quoted string literal, or an expanded ferm +expression such as @length($var,20). + You can achieve the same by explicitly declaring a custom chain, but you may feel that using B<@subchain> requires less typing. -- 1.7.2.3

