Feature request: ipset hash:mac support in firewall3

The title says it all. I haven't touched C aside from an introductory course over 15 years ago, and make no claims that this is the right way to do it. But after fiddling with it for a while, this seemed like the least intrusive (read: simple and unlikely to break things) way to add it.

firewall3 seems to assume that anything with the "hash" method must have an inet family, but that isn't supported for hash:mac. It also looks like that is the only ipset type that starts with mac.

diff --git a/ipsets.c b/ipsets.c
index 280845b..3544e8d 100644
--- a/ipsets.c
+++ b/ipsets.c
@@ -85,6 +85,8 @@ static struct ipset_type ipset_types[] = {
          OPT_FAMILY | OPT_HASHSIZE | OPT_MAXELEM),
        T(HASH,   IP,   PORT,   NET,    0,
          OPT_FAMILY | OPT_HASHSIZE | OPT_MAXELEM),
+       T(HASH,   MAC, UNSPEC, UNSPEC, 0,
+         OPT_FAMILY | OPT_HASHSIZE | OPT_MAXELEM),

        T(LIST,   SET,  UNSPEC, UNSPEC, 0, OPT_MAXELEM),
 };
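Review bot: The new T(HASH, MAC, UNSPEC, UNSPEC, ...) entry still lists OPT_FAMILY, although the description says a family is not supported for hash:mac and a later hunk suppresses the family argument for it. If these flags describe the options a set type accepts, drop OPT_FAMILY here and keep `OPT_HASHSIZE | OPT_MAXELEM`, so that a configured family is not accepted for a type that cannot use it. The columns of the new entry should also be aligned the way the neighbouring T(...) entries are.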
@@ -362,6 +364,7 @@ create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
        bool first = true;
        struct fw3_setentry *entry;
        struct fw3_ipset_datatype *type;
+       bool mac_first = false;

        info(" * Creating ipset %s", ipset->name);

@@ -371,10 +374,12 @@ create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
        list_for_each_entry(type, &ipset->datatypes, list)
        {
                fw3_pr("%c%s", first ? ':' : ',', fw3_ipset_type_names[type->type]);
+               if((type->type & FW3_IPSET_TYPE_MAC) && first)
+                       mac_first = true;
                first = false;
        }

-       if (ipset->method == FW3_IPSET_METHOD_HASH)
+       if ((ipset->method == FW3_IPSET_METHOD_HASH) && !mac_first)
                fw3_pr(" family inet%s", (ipset->family == FW3_FAMILY_V4) ? "" : "6");

        if (ipset->iprange.set)
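Review bot: In the check added inside the list_for_each_entry loop, `type->type & FW3_IPSET_TYPE_MAC` is a bitwise test, but type->type is used one line earlier as an index into fw3_ipset_type_names, so it looks like an enumeration value rather than a flag mask. If so, the test is also true for any other datatype whose number shares a bit with MAC, and the family argument would be dropped for sets that need it. Compare for equality instead, for example `if (first && type->type == FW3_IPSET_TYPE_MAC)`, add the space after `if` to match the surrounding style, and consider a short comment explaining why family is omitted for hash:mac.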

1 Like

I also would like to get support for the hash:mac storage and data type combination in fw3. It appears to be supported in the underlying netfilter ipset package but not exposed in fw3 scripts as of OpenWrt 21.02.0.