Ebtables

[vasek00]

Не нашел в Entware-3 данной программки - ebtables. Есть ли возможность ее добавить в пакет.

Цитата

/ # opkg list | grep ebtables
/ # uname -a
Linux My-K 3.4.113 #1 SMP Thu Dec 28 22:11:51 MSK 2017 mips GNU/Linux
/ #

 

[TheBB]

entware-3x ebtables

Скрытый текст

 

0 ✓ root ~ # ebtables -h
ebtables v2.0.10-4 (December 2011)
Usage:
ebtables -[ADI] chain rule-specification [options]
ebtables -P chain target
ebtables -[LFZ] [chain]
ebtables -[NX] [chain]
ebtables -E old-chain-name new-chain-name

Commands:
--append -A chain             : append to chain
--delete -D chain             : delete matching rule from chain
--delete -D chain rulenum     : delete rule at position rulenum from chain
--change-counters -C chain
          [rulenum] pcnt bcnt : change counters of existing rule
--insert -I chain rulenum     : insert rule at position rulenum in chain
--list   -L [chain]           : list the rules in a chain or in all chains
--flush  -F [chain]           : delete all rules in chain or in all chains
--init-table                  : replace the kernel table with the initial table
--zero   -Z [chain]           : put counters on zero in chain or in all chains
--policy -P chain target      : change policy on chain to target
--new-chain -N chain          : create a user defined chain
--rename-chain -E old new     : rename a chain
--delete-chain -X [chain]     : delete a user defined chain
--atomic-commit               : update the kernel w/t table contained in <FILE>
--atomic-init                 : put the initial kernel table into <FILE>
--atomic-save                 : put the current kernel table into <FILE>
--atomic-file file            : set <FILE> to file

Options:
--proto  -p [!] proto         : protocol hexadecimal, by name or LENGTH
--src    -s [!] address[/mask]: source mac address
--dst    -d [!] address[/mask]: destination mac address
--in-if  -i [!] name[+]       : network input interface name
--out-if -o [!] name[+]       : network output interface name
--logical-in  [!] name[+]     : logical bridge input interface name
--logical-out [!] name[+]     : logical bridge output interface name
--set-counters -c chain
          pcnt bcnt           : set the counters of the to be added rule
--modprobe -M program         : try to insert modules using this program
--concurrent                  : use a file lock to support concurrent scripts
--version -V                  : print package version

Environment variable:
EBTABLES_ATOMIC_FILE          : if set <FILE> (see above) will equal its value

Standard targets: DROP, ACCEPT, RETURN or CONTINUE;
The target can also be a user defined chain.

Supported chains for the filter table:
INPUT FORWARD OUTPUT 


0 ✓ root ~ # ebtables -L
Bridge table: filter

Bridge chain: INPUT, entries: 0, policy: ACCEPT

Bridge chain: FORWARD, entries: 0, policy: ACCEPT

Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
0 ✓ root ~ #

 

as is... гарантий никаких

[vasek00]

ОК

[vasek00]

В текущей 2.11B для справки имеем в наличие :

/lib/modules/3.4.113 # lsmod | grep ebt
ebtable_broute           737  0
ebtable_filter           913  0
ebtable_nat              913  0
ebt_redirect             945  0
ebt_dnat                 865  0
ebt_802_3                705  0
ebt_arp                 1537  0
ebt_ip                  1313  0
ebt_mark                 753  0
ebt_arpreply            1073  0
ebt_ip6                 1633  0
ebt_among               2305  0
ebt_pkttype              561  0
ebt_vlan                 945  0
ebt_mark_m               625  0
ebt_stp                 1953  0
ebt_snat                 881  0
ebtables               16566  3 ebtable_broute,ebtable_nat,ebtable_filter
ebt_limit               1041  0
/lib/modules/3.4.113 # ls -l | grep ebt_
-rw-r--r--    1 root     root          2044 Dec 28 21:57 ebt_802_3.ko
-rw-r--r--    1 root     root          4048 Dec 28 21:57 ebt_among.ko
-rw-r--r--    1 root     root          2980 Dec 28 21:57 ebt_arp.ko
-rw-r--r--    1 root     root          2624 Dec 28 21:57 ebt_arpreply.ko
-rw-r--r--    1 root     root          2428 Dec 28 21:57 ebt_dnat.ko
-rw-r--r--    1 root     root          2732 Dec 28 21:57 ebt_ip.ko
-rw-r--r--    1 root     root          3140 Dec 28 21:57 ebt_ip6.ko
-rw-r--r--    1 root     root          2704 Dec 28 21:57 ebt_limit.ko
-rw-r--r--    1 root     root          2080 Dec 28 21:57 ebt_mark.ko
-rw-r--r--    1 root     root          1932 Dec 28 21:57 ebt_mark_m.ko
-rw-r--r--    1 root     root          1884 Dec 28 21:57 ebt_pkttype.ko
-rw-r--r--    1 root     root          2508 Dec 28 21:57 ebt_redirect.ko
-rw-r--r--    1 root     root          2472 Dec 28 21:57 ebt_snat.ko
-rw-r--r--    1 root     root          3508 Dec 28 21:57 ebt_stp.ko
-rw-r--r--    1 root     root          2388 Dec 28 21:57 ebt_vlan.ko
/lib/modules/3.4.113 # 

 

[TheBB]

Пакеты ebtables, ebtables-utils добавлены в Entware-3x (mips, mipsel).

Мимоходом добавлен пакет smcroute )))

[TheBB]

@vasek00 , для "комплекта" - arptables (mipsel; Entware-3x)

Скрытый текст

 

0 ✓ root ~ # arptables -h
arptables v0.0.4

Usage: arptables -[AD] chain rule-specification [options]
       arptables -[RI] chain rulenum rule-specification [options]
       arptables -D chain rulenum [options]
       arptables -[LFZ] [chain] [options]
       arptables -[NX] chain
       arptables -E old-chain-name new-chain-name
       arptables -P chain target [options]
       arptables -h (print this help information)

Commands:
Either long or short options are allowed.
  --append  -A chain		Append to chain
  --delete  -D chain		Delete matching rule from chain
  --delete  -D chain rulenum
				Delete rule rulenum (1 = first) from chain
  --insert  -I chain [rulenum]
				Insert in chain as rulenum (default 1=first)
  --replace -R chain rulenum
				Replace rule rulenum (1 = first) in chain
  --list    -L [chain]		List the rules in a chain or all chains
  --flush   -F [chain]		Delete all rules in  chain or all chains
  --zero    -Z [chain]		Zero counters in chain or all chains
  --new     -N chain		Create a new user-defined chain
  --delete-chain
            -X [chain]		Delete a user-defined chain
  --policy  -P chain target
				Change policy on chain to target
  --rename-chain
            -E old-chain new-chain
				Change chain name, (moving any references)
Options:
  --source-ip	-s [!] address[/mask]
				source specification
  --destination-ip -d [!] address[/mask]
				destination specification
  --source-mac [!] address[/mask]
  --destination-mac [!] address[/mask]
  --h-length   -l   length[/mask] hardware length (nr of bytes)
  --opcode code[/mask] operation code (2 bytes)
  --h-type   type[/mask]  hardware type (2 bytes, hexadecimal)
  --proto-type   type[/mask]  protocol type (2 bytes)
  --in-interface -i [!] input name[+]
				network interface name ([+] for wildcard)
  --out-interface -o [!] output name[+]
				network interface name ([+] for wildcard)
  --jump	-j target
				target for rule (may load target extension)
  --match	-m match
				extended match (may load extension)
  --numeric	-n		numeric output of addresses and ports
  --table	-t table	table to manipulate (default: `filter')
  --verbose	-v		verbose mode
  --line-numbers		print line numbers when listing
  --exact	-x		expand numbers (display exact values)
  --modprobe=<command>		try to insert modules using this command
  --set-counters -c PKTS BYTES	set the counter during insert/append
[!] --version	-V		print package version.
 opcode strings: 
 1 = Request
 2 = Reply
 3 = Request_Reverse
 4 = Reply_Reverse
 5 = DRARP_Request
 6 = DRARP_Reply
 7 = DRARP_Error
 8 = InARP_Request
 9 = ARP_NAK
 hardware type string: 1 = Ethernet
 protocol type string: 0x800 = IPv4

MARK target v0.0.4 options:
--set-mark mark : set the mark value
--and-mark value : binary AND the mark with value
--or-mark value : binary OR the mark with value

CLASSIFY target v0.0.4 options:
--set-class major:minor : set the major and minor class value

mangle target v0.0.4 options:
--mangle-ip-s IP address
--mangle-ip-d IP address
--mangle-mac-s MAC address
--mangle-mac-d MAC address
--mangle-target target (DROP, CONTINUE or ACCEPT -- default is ACCEPT)

Standard v0.0.4 options:
(If target is DROP, ACCEPT, RETURN or nothing)

0 ✓ root ~ # arptables -L
Chain INPUT (policy ACCEPT)

Chain OUTPUT (policy ACCEPT)

Chain FORWARD (policy ACCEPT)
0 ✓ root ~ #