From 3655692502132d58e40082d68c516b4d06ef6959 Mon Sep 17 00:00:00 2001 From: Bart De Schuymer Date: Sun, 5 Dec 2004 14:46:55 +0000 Subject: re-add among match, got lost in action --- userspace/ebtables2/ebtables.8 | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) (limited to 'userspace') diff --git a/userspace/ebtables2/ebtables.8 b/userspace/ebtables2/ebtables.8 index df04a41..73642e7 100644 --- a/userspace/ebtables2/ebtables.8 +++ b/userspace/ebtables2/ebtables.8 @@ -1,4 +1,4 @@ -.TH EBTABLES 8 "22 November 2004" +.TH EBTABLES 8 "05 December 2004" .\" .\" Man page written by Bart De Schuymer .\" It is based on the iptables man page. @@ -506,6 +506,26 @@ If the 802.3 DSAP and SSAP values are 0xaa then the SNAP type field must be consulted to determine the payload protocol. This is a two byte (hexadecimal) argument. Only 802.3 frames with DSAP/SSAP 0xaa are checked for type. +.SS among +Match a MAC address or MAC/IP address pair versus a list of MAC addresses +and MAC/IP address pairs. +A list entry has the following format: xx:xx:xx:xx:xx:xx[=ip.ip.ip.ip][,]. Multiple +list entries are separated by a comma, specifying an IP address corresponding to +the MAC address is optional. Multiple MAC/IP address pairs with the same MAC address +but different IP address (and vice versa) can be specified. If the MAC address doesn't +match any entry from the list, the frame doesn't match the rule (unless '!' was used). +.TP +.BR "--among-dst " "[!] \fIlist\fP" +Compare the MAC destination to the given list. If the Ethernet frame has type +.BR IPv4 " or " ARP , +then comparison with MAC/IP destination address pairs from the +list is possible. +.TP +.BR "--among-src " "[!] \fIlist\fP" +Compare the MAC source to the given list. If the Ethernet frame has type +.BR IPv4 " or " ARP , +then comparison with MAC/IP source address pairs from the list +is possible. .SS arp Specify arp fields. The protocol must be specified as .BR ARP " or " RARP . @@ -576,9 +596,8 @@ This module matches at a limited rate using a token bucket filter. A rule using this extension will match until this limit is reached. It can be used with the .B --log -watcher -to give limited logging, for example. Its use is the same as the limit -match of iptables. +watcher to give limited logging, for example. Its use is the same +as the limit match of iptables. .TP .BR "--limit " "[\fIvalue\fP]" Maximum average matching rate: specified as a number, with an optional -- cgit v1.2.3