vasek00 Posted January 12, 2018 Posted January 12, 2018 Не нашел в Entware-3 данной программки - ebtables. Есть ли возможность ее добавить в пакет. Цитата / # opkg list | grep ebtables / # uname -a Linux My-K 3.4.113 #1 SMP Thu Dec 28 22:11:51 MSK 2017 mips GNU/Linux / # Quote
TheBB Posted January 12, 2018 Posted January 12, 2018 entware-3x ebtables Скрытый текст 0 ✓ root ~ # ebtables -h ebtables v2.0.10-4 (December 2011) Usage: ebtables -[ADI] chain rule-specification [options] ebtables -P chain target ebtables -[LFZ] [chain] ebtables -[NX] [chain] ebtables -E old-chain-name new-chain-name Commands: --append -A chain : append to chain --delete -D chain : delete matching rule from chain --delete -D chain rulenum : delete rule at position rulenum from chain --change-counters -C chain [rulenum] pcnt bcnt : change counters of existing rule --insert -I chain rulenum : insert rule at position rulenum in chain --list -L [chain] : list the rules in a chain or in all chains --flush -F [chain] : delete all rules in chain or in all chains --init-table : replace the kernel table with the initial table --zero -Z [chain] : put counters on zero in chain or in all chains --policy -P chain target : change policy on chain to target --new-chain -N chain : create a user defined chain --rename-chain -E old new : rename a chain --delete-chain -X [chain] : delete a user defined chain --atomic-commit : update the kernel w/t table contained in <FILE> --atomic-init : put the initial kernel table into <FILE> --atomic-save : put the current kernel table into <FILE> --atomic-file file : set <FILE> to file Options: --proto -p [!] proto : protocol hexadecimal, by name or LENGTH --src -s [!] address[/mask]: source mac address --dst -d [!] address[/mask]: destination mac address --in-if -i [!] name[+] : network input interface name --out-if -o [!] name[+] : network output interface name --logical-in [!] name[+] : logical bridge input interface name --logical-out [!] name[+] : logical bridge output interface name --set-counters -c chain pcnt bcnt : set the counters of the to be added rule --modprobe -M program : try to insert modules using this program --concurrent : use a file lock to support concurrent scripts --version -V : print package version Environment variable: EBTABLES_ATOMIC_FILE : if set <FILE> (see above) will equal its value Standard targets: DROP, ACCEPT, RETURN or CONTINUE; The target can also be a user defined chain. Supported chains for the filter table: INPUT FORWARD OUTPUT 0 ✓ root ~ # ebtables -L Bridge table: filter Bridge chain: INPUT, entries: 0, policy: ACCEPT Bridge chain: FORWARD, entries: 0, policy: ACCEPT Bridge chain: OUTPUT, entries: 0, policy: ACCEPT 0 ✓ root ~ # as is... гарантий никаких 1 1 Quote
vasek00 Posted January 13, 2018 Author Posted January 13, 2018 В текущей 2.11B для справки имеем в наличие : /lib/modules/3.4.113 # lsmod | grep ebt ebtable_broute 737 0 ebtable_filter 913 0 ebtable_nat 913 0 ebt_redirect 945 0 ebt_dnat 865 0 ebt_802_3 705 0 ebt_arp 1537 0 ebt_ip 1313 0 ebt_mark 753 0 ebt_arpreply 1073 0 ebt_ip6 1633 0 ebt_among 2305 0 ebt_pkttype 561 0 ebt_vlan 945 0 ebt_mark_m 625 0 ebt_stp 1953 0 ebt_snat 881 0 ebtables 16566 3 ebtable_broute,ebtable_nat,ebtable_filter ebt_limit 1041 0 /lib/modules/3.4.113 # ls -l | grep ebt_ -rw-r--r-- 1 root root 2044 Dec 28 21:57 ebt_802_3.ko -rw-r--r-- 1 root root 4048 Dec 28 21:57 ebt_among.ko -rw-r--r-- 1 root root 2980 Dec 28 21:57 ebt_arp.ko -rw-r--r-- 1 root root 2624 Dec 28 21:57 ebt_arpreply.ko -rw-r--r-- 1 root root 2428 Dec 28 21:57 ebt_dnat.ko -rw-r--r-- 1 root root 2732 Dec 28 21:57 ebt_ip.ko -rw-r--r-- 1 root root 3140 Dec 28 21:57 ebt_ip6.ko -rw-r--r-- 1 root root 2704 Dec 28 21:57 ebt_limit.ko -rw-r--r-- 1 root root 2080 Dec 28 21:57 ebt_mark.ko -rw-r--r-- 1 root root 1932 Dec 28 21:57 ebt_mark_m.ko -rw-r--r-- 1 root root 1884 Dec 28 21:57 ebt_pkttype.ko -rw-r--r-- 1 root root 2508 Dec 28 21:57 ebt_redirect.ko -rw-r--r-- 1 root root 2472 Dec 28 21:57 ebt_snat.ko -rw-r--r-- 1 root root 3508 Dec 28 21:57 ebt_stp.ko -rw-r--r-- 1 root root 2388 Dec 28 21:57 ebt_vlan.ko /lib/modules/3.4.113 # Quote
TheBB Posted January 15, 2018 Posted January 15, 2018 Пакеты ebtables, ebtables-utils добавлены в Entware-3x (mips, mipsel). Мимоходом добавлен пакет smcroute ))) 1 Quote
TheBB Posted January 18, 2018 Posted January 18, 2018 @vasek00 , для "комплекта" - arptables (mipsel; Entware-3x) Скрытый текст 0 ✓ root ~ # arptables -h arptables v0.0.4 Usage: arptables -[AD] chain rule-specification [options] arptables -[RI] chain rulenum rule-specification [options] arptables -D chain rulenum [options] arptables -[LFZ] [chain] [options] arptables -[NX] chain arptables -E old-chain-name new-chain-name arptables -P chain target [options] arptables -h (print this help information) Commands: Either long or short options are allowed. --append -A chain Append to chain --delete -D chain Delete matching rule from chain --delete -D chain rulenum Delete rule rulenum (1 = first) from chain --insert -I chain [rulenum] Insert in chain as rulenum (default 1=first) --replace -R chain rulenum Replace rule rulenum (1 = first) in chain --list -L [chain] List the rules in a chain or all chains --flush -F [chain] Delete all rules in chain or all chains --zero -Z [chain] Zero counters in chain or all chains --new -N chain Create a new user-defined chain --delete-chain -X [chain] Delete a user-defined chain --policy -P chain target Change policy on chain to target --rename-chain -E old-chain new-chain Change chain name, (moving any references) Options: --source-ip -s [!] address[/mask] source specification --destination-ip -d [!] address[/mask] destination specification --source-mac [!] address[/mask] --destination-mac [!] address[/mask] --h-length -l length[/mask] hardware length (nr of bytes) --opcode code[/mask] operation code (2 bytes) --h-type type[/mask] hardware type (2 bytes, hexadecimal) --proto-type type[/mask] protocol type (2 bytes) --in-interface -i [!] input name[+] network interface name ([+] for wildcard) --out-interface -o [!] output name[+] network interface name ([+] for wildcard) --jump -j target target for rule (may load target extension) --match -m match extended match (may load extension) --numeric -n numeric output of addresses and ports --table -t table table to manipulate (default: `filter') --verbose -v verbose mode --line-numbers print line numbers when listing --exact -x expand numbers (display exact values) --modprobe=<command> try to insert modules using this command --set-counters -c PKTS BYTES set the counter during insert/append [!] --version -V print package version. opcode strings: 1 = Request 2 = Reply 3 = Request_Reverse 4 = Reply_Reverse 5 = DRARP_Request 6 = DRARP_Reply 7 = DRARP_Error 8 = InARP_Request 9 = ARP_NAK hardware type string: 1 = Ethernet protocol type string: 0x800 = IPv4 MARK target v0.0.4 options: --set-mark mark : set the mark value --and-mark value : binary AND the mark with value --or-mark value : binary OR the mark with value CLASSIFY target v0.0.4 options: --set-class major:minor : set the major and minor class value mangle target v0.0.4 options: --mangle-ip-s IP address --mangle-ip-d IP address --mangle-mac-s MAC address --mangle-mac-d MAC address --mangle-target target (DROP, CONTINUE or ACCEPT -- default is ACCEPT) Standard v0.0.4 options: (If target is DROP, ACCEPT, RETURN or nothing) 0 ✓ root ~ # arptables -L Chain INPUT (policy ACCEPT) Chain OUTPUT (policy ACCEPT) Chain FORWARD (policy ACCEPT) 0 ✓ root ~ # 1 Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.