r30696 - in /trunk/libiptables-chainmgr-perl: Changes Makefile.PL VERSION debian/changelog lib/IPTables/ChainMgr.pm
tincho at users.alioth.debian.org
Sat Feb 14 15:48:58 UTC 2009
Author: tincho
Date: Sat Feb 14 15:48:44 2009
New Revision: 30696
URL: http://svn.debian.org/wsvn/pkg-perl/?sc=1&rev=30696
Log:
New upstream release
Modified:
trunk/libiptables-chainmgr-perl/Changes
trunk/libiptables-chainmgr-perl/Makefile.PL
trunk/libiptables-chainmgr-perl/VERSION
trunk/libiptables-chainmgr-perl/debian/changelog
trunk/libiptables-chainmgr-perl/lib/IPTables/ChainMgr.pm
Modified: trunk/libiptables-chainmgr-perl/Changes
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libiptables-chainmgr-perl/Changes?rev=30696&op=diff
==============================================================================
--- trunk/libiptables-chainmgr-perl/Changes (original)
+++ trunk/libiptables-chainmgr-perl/Changes Sat Feb 14 15:48:44 2009
@@ -1,20 +1,32 @@
Revision history for Perl extension IPTables::ChainMgr.
+0.9 Sat Feb 11 23:11:45 2008
+ - Added Net::IPv4Addr prerequisite to Makefile.PL (patch submitted by
+ Dominik Gehl).
+ - Updated perldoc documentation to properly discuss the delete_chain()
+ API. The material about the $jump_from_chain was missing (Darien
+ Kindlund reported this issue).
+ - Applied patch from Darien Kindlund to add the ability to specify the
+ source MAC address via the --mac-source <addr> command line argument to
+ iptables.
+
0.8 Fri Oct 17 11:35:15 2008
- - Added the ability to control iptables execution model. The default is to
- use waitpid(), but other options are to use system() or popen().
+ - Added the ability to control the iptables execution model. The default
+ is to use waitpid(), but other options are to use system() or popen().
- Added the ability to introduce a configurable time delay between each
iptables command.
- Added the ability to use a function reference for the SIGCHLD signal
handler.
- Added the ability to configure the number of seconds used as the alarm
timeout for iptables command execution in the waitpid() execution model.
- - Passed IPTables::ChainMgr option for execution model, configurable alarm
+ - Passed IPTables::ChainMgr options for execution model, configurable alarm
timeouts, the SIGCHLD signal handler reference, and the configurable
number of seconds for additional sleeps between iptables commands to the
IPTables::Parse module.
- Bugfix for SIGALRM handling to be more consistent with an example from
the perlipc man page.
+ - Added append_ip_rule() so that new iptables rules can be appended to the
+ end of a chain instead of just inserted at a particular rule number.
0.7 Sat May 17 10:49:15 2008
- Added perldoc documentation for 0.7 release.
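Review bot: The new 0.9 entry at the top of Changes is dated "Sat Feb 11 23:11:45 2008", which is earlier than the 0.8 entry below it (Fri Oct 17 2008), so the year looks wrong and should be checked with upstream. The hunk also adds an append_ip_rule() item to the already-released 0.8 entry; if that function shipped in 0.8 this is a fair correction, otherwise it belongs under 0.9.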
Modified: trunk/libiptables-chainmgr-perl/Makefile.PL
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libiptables-chainmgr-perl/Makefile.PL?rev=30696&op=diff
==============================================================================
--- trunk/libiptables-chainmgr-perl/Makefile.PL (original)
+++ trunk/libiptables-chainmgr-perl/Makefile.PL Sat Feb 14 15:48:44 2009
@@ -5,7 +5,7 @@
WriteMakefile(
NAME => 'IPTables::ChainMgr',
VERSION_FROM => 'lib/IPTables/ChainMgr.pm', # finds $VERSION
- PREREQ_PM => {}, # e.g., Module::Name => 1.1
+ PREREQ_PM => {'Net::IPv4Addr' => 0.10}, # e.g., Module::Name => 1.1
($] >= 5.005 ? ## Add these new keywords supported since 5.005
(ABSTRACT_FROM => 'lib/IPTables/ChainMgr.pm', # retrieve abstract from module
AUTHOR => 'Michael Rash <mbr at cipherdyne.org>') : ()),
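Review bot: In PREREQ_PM the minimum version is written as the bare number 0.10, which Perl parses as 0.1, so the recorded requirement is looser than it reads. Quote it as a string, 'Net::IPv4Addr' => '0.10', to keep the version as written.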
Modified: trunk/libiptables-chainmgr-perl/VERSION
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libiptables-chainmgr-perl/VERSION?rev=30696&op=diff
==============================================================================
--- trunk/libiptables-chainmgr-perl/VERSION (original)
+++ trunk/libiptables-chainmgr-perl/VERSION Sat Feb 14 15:48:44 2009
@@ -1,1 +1,1 @@
-0.8
+0.9
Modified: trunk/libiptables-chainmgr-perl/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libiptables-chainmgr-perl/debian/changelog?rev=30696&op=diff
==============================================================================
--- trunk/libiptables-chainmgr-perl/debian/changelog (original)
+++ trunk/libiptables-chainmgr-perl/debian/changelog Sat Feb 14 15:48:44 2009
@@ -1,9 +1,13 @@
-libiptables-chainmgr-perl (0.8-2) UNRELEASED; urgency=low
+libiptables-chainmgr-perl (0.9-1) UNRELEASED; urgency=low
+ [ gregor herrmann ]
* debian/control: Changed: Switched Vcs-Browser field to ViewSVN
(source stanza).
- -- gregor herrmann <gregoa at debian.org> Sun, 16 Nov 2008 20:44:05 +0100
+ [ MartÃn Ferrari ]
+ * New upstream release
+
+ -- MartÃn Ferrari <tincho at debian.org> Fri, 13 Feb 2009 21:44:42 -0200
libiptables-chainmgr-perl (0.8-1) unstable; urgency=low
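Review bot: The 0.9-1 entry only says "New upstream release", while this same revision adds Net::IPv4Addr to PREREQ_PM in Makefile.PL and debian/control is not among the modified files. Confirm that debian/control already lists the package providing Net::IPv4Addr in Depends, and record that check in this changelog entry.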
Modified: trunk/libiptables-chainmgr-perl/lib/IPTables/ChainMgr.pm
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libiptables-chainmgr-perl/lib/IPTables/ChainMgr.pm?rev=30696&op=diff
==============================================================================
--- trunk/libiptables-chainmgr-perl/lib/IPTables/ChainMgr.pm (original)
+++ trunk/libiptables-chainmgr-perl/lib/IPTables/ChainMgr.pm Sat Feb 14 15:48:44 2009
@@ -10,7 +10,7 @@
#
# Author: Michael Rash (mbr at cipherdyne.org)
#
-# Version: 0.8
+# Version: 0.9
#
##############################################################################
#
@@ -20,7 +20,7 @@
package IPTables::ChainMgr;
use 5.006;
-use POSIX ":sys_wait_h";
+use POSIX ':sys_wait_h';
use Carp;
use IPTables::Parse;
use Net::IPv4Addr 'ipv4_network';
@@ -28,7 +28,7 @@
use warnings;
use vars qw($VERSION);
-$VERSION = '0.8';
+$VERSION = '0.9';
sub new() {
my $class = shift;
@@ -155,7 +155,7 @@
if ($extended_href) {
$msg = "Table: $table, chain: $chain, $normalized_src -> " .
"$normalized_dst ";
- for my $key qw(protocol s_port d_port) {
+ for my $key qw(protocol s_port d_port mac_source) {
$msg .= "$key $extended_href->{$key} "
if defined $extended_href->{$key};
}
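Review bot: The loop header "for my $key qw(protocol s_port d_port mac_source) {" uses a bare qw() list in place of the loop parentheses, which is deprecated from perl 5.14 and a syntax error from 5.18. Since the line is being edited anyway, write it as "for my $key (qw(protocol s_port d_port mac_source)) {" here and in the other four loops this revision touches.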
@@ -182,11 +182,13 @@
$ipt_cmd .= "-d $normalized_dst ";
$ipt_cmd .= "--dport $extended_href->{'d_port'} "
if defined $extended_href->{'d_port'};
+ $ipt_cmd .= "-m mac --mac-source $extended_href->{'mac_source'} "
+ if defined $extended_href->{'mac_source'};
$ipt_cmd .= "-j $target";
$msg = "Table: $table, chain: $chain, added $normalized_src " .
"-> $normalized_dst ";
- for my $key qw(protocol s_port d_port) {
+ for my $key qw(protocol s_port d_port mac_source) {
$msg .= "$key $extended_href->{$key} "
if defined $extended_href->{$key};
}
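Review bot: The added line that appends "-m mac --mac-source $extended_href->{'mac_source'} " to $ipt_cmd interpolates a caller-supplied value into the iptables command string with no format check, and the Changes file says that command can be run through system() or popen(). Validate mac_source against a strict pattern of six colon-separated hex octets and croak on a mismatch before appending it, so that nothing other than a MAC address can reach the command line; the same value is also copied into $msg.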
@@ -242,7 +244,7 @@
if ($extended_href) {
$msg = "Table: $table, chain: $chain, $normalized_src -> " .
"$normalized_dst ";
- for my $key qw(protocol s_port d_port) {
+ for my $key qw(protocol s_port d_port mac_source) {
$msg .= "$key $extended_href->{$key} "
if defined $extended_href->{$key};
}
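Review bot: This is the third hand-edited copy of the key list "qw(protocol s_port d_port mac_source)" in this file, and the diff touches five in total, so the next match option added will need five edits that must stay in sync. Hoist the list into one file-level array and loop over that in each message builder.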
@@ -279,11 +281,13 @@
$ipt_cmd .= "-d $normalized_dst ";
$ipt_cmd .= "--dport $extended_href->{'d_port'} "
if defined $extended_href->{'d_port'};
+ $ipt_cmd .= "-m mac --mac-source $extended_href->{'mac_source'} "
+ if defined $extended_href->{'mac_source'};
$ipt_cmd .= "-j $target";
$msg = "Table: $table, chain: $chain, added $normalized_src " .
"-> $normalized_dst ";
- for my $key qw(protocol s_port d_port) {
+ for my $key qw(protocol s_port d_port mac_source) {
$msg .= "$key $extended_href->{$key} "
if defined $extended_href->{$key};
}
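Review bot: The two added mac_source lines here duplicate the ones in the hunk at -182, so any validation or quoting fix has to be made in both places. Move the construction of the optional match arguments (--dport, --mac-source) into one helper that both rule-building subs call, and do the mac_source format check there.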
@@ -340,7 +344,7 @@
my $extended_msg = '';
if ($extended_href) {
- for my $key qw(protocol s_port d_port) {
+ for my $key qw(protocol s_port d_port mac_source) {
$extended_msg .= "$key: $extended_href->{$key} "
if defined $extended_href->{$key};
}
@@ -386,7 +390,7 @@
$fh = *STDOUT if $verbose;
if ($debug or $verbose) {
- print $fh localtime() . " [+] IPTables::Parse::VERSION",
+ print $fh localtime() . " [+] IPTables::Parse::VERSION ",
"$IPTables::Parse::VERSION\n"
}
@@ -665,8 +669,9 @@
### flush all rules from the chain
$ipt_obj->flush_chain('filter', 'CUSTOM');
- ### now delete the chain
- $ipt_obj->delete_chain('filter', 'CUSTOM');
+ ### now delete the chain (along with any jump rule in the
+ ### INPUT chain)
+ $ipt_obj->delete_chain('filter', 'INPUT', 'CUSTOM');
}
# create new iptables chain in the 'filter' table
@@ -764,16 +769,18 @@
The flush_chain() function in the example above executes the iptables command
"/sbin/iptables -t filter -F CUSTOM"
-=item delete_chain($table, $chain)
-
-This function deletes a chain from the specified table:
-
- ($rv, $out_ar, $errs_ar) = $ipt_obj->delete_chain('filter', 'CUSTOM');
+=item delete_chain($table, $jump_from_chain, $chain)
+
+This function deletes a chain from the specified table along with any jump
+rule to which packets are jumped into this chain:
+
+ ($rv, $out_ar, $errs_ar) = $ipt_obj->delete_chain('filter', 'INPUT', 'CUSTOM');
Internally a check is performed to see whether the chain exists within
-the table, and global jump rules from other chains within the table that
-reference the specified chain are also deleted (a chain cannot be deleted
-until there are no references to it).
+the table, and global jump rules are removed from the jump chain before
+deletion (a chain cannot be deleted until there are no references to it).
+In the example above, the CUSTOM chain is deleted after any jump rule
+to this chain from the INPUT chain is also deleted.
=item find_ip_rule($src, $dst, $table, $chain, $target, %extended_info)
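Review bot: The new description "along with any jump rule to which packets are jumped into this chain" is hard to parse; wording such as "along with the jump rule in $jump_from_chain that sends packets to this chain" matches the three-argument example. Nothing in this diff documents the new mac_source key of %extended_info either, so the perldoc for find_ip_rule() and the rule-adding functions should mention it.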
@@ -873,6 +880,7 @@
Franck Joncourt <franck.mail at dthconnex.com>
Grant Ferley
+ Darien Kindlund
=head1 AUTHOR