diff options
author | Bart De Schuymer <bdschuym@pandora.be> | 2004-12-05 14:46:55 +0000 |
---|---|---|
committer | Bart De Schuymer <bdschuym@pandora.be> | 2004-12-05 14:46:55 +0000 |
commit | 538f880a60f4bca6d1e96cec917f4db4a0e048fb (patch) | |
tree | 7f58b7e8d5edebb33cf7928fec21d2f136543c1a /ebtables.8 | |
parent | 598ca8f4bcfb41669f4bc6b0608cf62c7ca3d520 (diff) | |
download | ebtables-538f880a60f4bca6d1e96cec917f4db4a0e048fb.tar.gz |
re-add among match, got lost in action
Diffstat (limited to 'ebtables.8')
-rw-r--r-- | ebtables.8 | 27 |
1 files changed, 23 insertions, 4 deletions
@@ -1,4 +1,4 @@ -.TH EBTABLES 8 "22 November 2004" +.TH EBTABLES 8 "05 December 2004" .\" .\" Man page written by Bart De Schuymer <bdschuym@pandora.be> .\" It is based on the iptables man page. @@ -506,6 +506,26 @@ If the 802.3 DSAP and SSAP values are 0xaa then the SNAP type field must be consulted to determine the payload protocol. This is a two byte (hexadecimal) argument. Only 802.3 frames with DSAP/SSAP 0xaa are checked for type. +.SS among +Match a MAC address or MAC/IP address pair versus a list of MAC addresses +and MAC/IP address pairs. +A list entry has the following format: xx:xx:xx:xx:xx:xx[=ip.ip.ip.ip][,]. Multiple +list entries are separated by a comma, specifying an IP address corresponding to +the MAC address is optional. Multiple MAC/IP address pairs with the same MAC address +but different IP address (and vice versa) can be specified. If the MAC address doesn't +match any entry from the list, the frame doesn't match the rule (unless '!' was used). +.TP +.BR "--among-dst " "[!] \fIlist\fP" +Compare the MAC destination to the given list. If the Ethernet frame has type +.BR IPv4 " or " ARP , +then comparison with MAC/IP destination address pairs from the +list is possible. +.TP +.BR "--among-src " "[!] \fIlist\fP" +Compare the MAC source to the given list. If the Ethernet frame has type +.BR IPv4 " or " ARP , +then comparison with MAC/IP source address pairs from the list +is possible. .SS arp Specify arp fields. The protocol must be specified as .BR ARP " or " RARP . @@ -576,9 +596,8 @@ This module matches at a limited rate using a token bucket filter. A rule using this extension will match until this limit is reached. It can be used with the .B --log -watcher -to give limited logging, for example. Its use is the same as the limit -match of iptables. +watcher to give limited logging, for example. Its use is the same +as the limit match of iptables. .TP .BR "--limit " "[\fIvalue\fP]" Maximum average matching rate: specified as a number, with an optional |