IPFilter 5.0.2

Going further along with adding new things to IPFilter, some of the recent things I've worked on adding code for are:

  • selective flushing - to flush just things matching port 80:
    # ipnat -m 'tcp.port=80' -F
    # ipf -m 'tcp.port=80' -Fs
    

    A list can be given - "tcp.port=25,80". The full list of currently allowed words is:

    ip.addr, ip.p, ip.src, ip.dst, tcp.port, tcp.dport, tcp.sport, udp.port, udp.dport, udp.sport
    
  • the matching from flushing also applies to listing active entries:
    # ipnat -m 'port=80' -l
    # ipfstat -m 'port=80' -sl
    

    will respectively show only NAT or state matching port 80.

  • the above syntax can be used in ipf rules like this:
    pass in exp { 'tcp.port=25,80' } keep state
    

    (this is really experimental - how many fields are required for it to be attractive or is it just a waste of time?)

  • Active NAT/state entries can now be printed out in columns:
    # ipnat -O all -l | head -1
    # ipfstat -O all -sl | head -1
    

    will print out the names of columns. A list can be given:

    # ipnat -O oldsrcip,newsrcip,olddstip,newdstip -l
    

    And you can change the name at the top:

    # ipfstat -O src=saddr,dst=addr -sl
    

    or just not print out the heading line at all:

    # ipnat -O all= -l
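
A pre-flight check for the match expressions described above, for scripts that build a `-m` argument before a selective flush. This is an added example, not part of IPFilter or the original post; it assumes the `word=value[,value...]` form and the word list given in the post, treats ports as 1..65535, and the names `check_match_expr` and `valid_port` are made up here.

```shell
# Pre-flight check for an IPFilter match expression such as 'tcp.port=25,80'
# before a script passes it to `ipf -m ... -Fs` or `ipnat -m ... -F`.
# Assumption: an expression is word=value[,value...], the only form the post
# shows. Function and variable names are made up for this example.
# The words the post lists as currently allowed:
ALLOWED_WORDS="ip.addr ip.p ip.src ip.dst tcp.port tcp.dport tcp.sport udp.port udp.dport udp.sport"

# valid_port N: succeed when N is a decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    # Length check first, so the numeric comparison cannot overflow.
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# check_match_expr EXPR: return 0 when EXPR passes, 1 (with a reason) if not.
check_match_expr() {
    case "$1" in
        *=*) ;;
        *) echo "missing '=': $1" >&2; return 1 ;;
    esac
    word=${1%%=*}
    values=${1#*=}
    # The word must be exactly one entry of the allowed list.
    case "$word" in
        ''|*[!a-z.]*) echo "bad word: $word" >&2; return 1 ;;
    esac
    case " $ALLOWED_WORDS " in
        *" $word "*) ;;
        *) echo "word not in allowed list: $word" >&2; return 1 ;;
    esac
    # No empty list and no empty element (",80", "25,", "25,,80").
    case "$values" in
        ''|,*|*,|*,,*) echo "empty value in: $1" >&2; return 1 ;;
    esac
    # Only port words are range-checked; the post does not show the value
    # format for ip.* words, so those values are passed through unchecked.
    case "$word" in
        *port)
            case "$values" in *[!0-9,]*) echo "bad port list: $values" >&2; return 1 ;; esac
            old_ifs=$IFS; IFS=,
            for v in $values; do
                valid_port "$v" || { IFS=$old_ifs; echo "bad port: $v" >&2; return 1; }
            done
            IFS=$old_ifs ;;
    esac
    return 0
}
```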
    

Comments/thoughts/criticisms welcome.
