
IPFilter 5.0.2 - new additions

To: ipfilter@coombs.anu.edu.au
Subject: IPFilter 5.0.2 - new additions
From: Darren Reed <darrenr@reed.wattle.id.au>
Date: Wed, 11 Apr 2007 02:10:10 +1000 (EST)
Delivered-to: sp-com-lists@consult.net
Delivered-to: ipfilter-list@securepoint.com
Sender: owner-ipfilter@coombs.anu.edu.au
Going further along with adding new things to IPFilter, some of
the recent things I've worked on adding code for are:

* selective flushing - to flush just things matching port 80:
  # ipnat -m 'tcp.port=80' -F
  # ipf -m 'tcp.port=80' -Fs
  A list can be given - "tcp.port=25,80".  The full list of currently
  allowed words is:
  ip.addr, ip.p, ip.src, ip.dst, tcp.port, tcp.dport, tcp.sport, udp.port,
  udp.dport, udp.sport

* the matching from flushing also applies to listing active entries:
  # ipnat -m 'port=80' -l
  # ipfstat -m 'port=80' -sl
  will respectively show only NAT or state matching port 80.

* the above syntax can be used in ipf rules like this:

  pass in exp { 'tcp.port=25,80' } keep state

  (this is really experimental - how many fields are required for it
   to be attractive or is it just a waste of time?)

* Active NAT/state entries can now be printed out in columns:
  # ipnat -O all -l | head -1
  # ipfstat -O all -sl | head -1
  will print out the names of columns.  A list can be given:
  # ipnat -O oldsrcip,newsrcip,olddstip,newdstip -l
  And you can change the name at the top:
  # ipfstat -O src=saddr,dst=addr -sl
  or just not print out the heading line at all:
  # ipnat -O all= -l

Comments/thoughts/criticisms welcome.

http://coombs.anu.edu.au/~avalon/ip_fil5.0.2.tar.gz

Darren
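
An added example, not part of the original post and not IPFilter code: a small Python model of the 'word=value,...' match syntax described above, run against a constructed state table to show which entries an expression would select. The semantics (a ".port" or ".addr" word matching either direction, a value list meaning any-of, "tcp."/"udp." words implying the protocol) and the names parse_match, matches, select and entry are assumptions.

```python
import ipaddress

# Words listed in the post -> entry fields each is ASSUMED to test.
WORDS = {
    "ip.addr": ("src", "dst"), "ip.src": ("src",), "ip.dst": ("dst",),
    "ip.p": ("proto",),
    "tcp.port": ("sport", "dport"), "tcp.sport": ("sport",),
    "tcp.dport": ("dport",),
    "udp.port": ("sport", "dport"), "udp.sport": ("sport",),
    "udp.dport": ("dport",),
}
PROTO = {"tcp": 6, "udp": 17}  # IP protocol numbers

def parse_match(expr):
    """Parse 'word=v1,v2' into (word, set_of_values); reject unknown words."""
    word, sep, rhs = expr.partition("=")
    word = word.strip()
    if not sep or word not in WORDS:
        raise ValueError(f"unknown or malformed match: {expr!r}")
    if word in ("ip.addr", "ip.src", "ip.dst"):
        return word, {ipaddress.ip_address(v.strip()) for v in rhs.split(",")}
    limit = 255 if word == "ip.p" else 65535
    values = {int(v) for v in rhs.split(",")}  # int() raises ValueError on junk
    if any(not 0 <= v <= limit for v in values):
        raise ValueError(f"value out of range in {expr!r}")
    return word, values

def matches(entry, word, values):
    """True if any field named by the word holds one of the listed values."""
    prefix = word.split(".")[0]
    if prefix in PROTO and entry["proto"] != PROTO[prefix]:
        return False  # tcp.* words never select UDP entries, and vice versa
    return any(entry[field] in values for field in WORDS[word])

def select(entries, expr):
    """Entries a flush or listing with this expression would touch (modelled)."""
    word, values = parse_match(expr)
    return [e for e in entries if matches(e, word, values)]

def entry(proto, src, sport, dst, dport):
    return {"proto": proto, "src": ipaddress.ip_address(src), "sport": sport,
            "dst": ipaddress.ip_address(dst), "dport": dport}

# Constructed sample state table (documentation address ranges).
SAMPLE = [
    entry(6, "192.0.2.10", 40001, "198.51.100.5", 80),
    entry(6, "192.0.2.11", 40002, "198.51.100.6", 25),
    entry(6, "192.0.2.12", 40003, "198.51.100.7", 22),
    entry(17, "192.0.2.10", 5353, "198.51.100.8", 80),
]
```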
