author | Ted Trask <ttrask01@yahoo.com> | 2013-01-06 14:03:19 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2013-01-06 14:03:19 +0000 |
commit | a5e860eb3bdbc3d1ee1f009af93be6f8ffc3eb42 (patch) | |
tree | 799ddc10f66715aa87bbd4115ce236a5f0031283 | |
parent | 38f5d1fb5817aaf7a609662907472a967f1253df (diff) | |
Fix rule specification now that we're using run_executable
-rw-r--r-- | iptables-model.lua | 28 |
1 files changed, 18 insertions, 10 deletions
diff --git a/iptables-model.lua b/iptables-model.lua
index 8b567c3..494dcb7 100644
--- a/iptables-model.lua
+++ b/iptables-model.lua
@@ -123,19 +123,24 @@ local function generate_rule_specification(rule)
 if string.find(value, "^!") then
 if notfirst then
 spec[#spec + 1] = '!'
- value = string.sub(value, 2)
+ spec[#spec + 1] = option
+ spec[#spec + 1] = string.sub(value, 2)
 else
- value = string.sub(value,1,1) .. " " .. string.sub(value,2)
+ spec[#spec + 1] = option
+ spec[#spec + 1] = '!'
+ spec[#spec + 1] = string.sub(value,2)
 end
+ else
+ spec[#spec + 1] = option
+ spec[#spec + 1] = format.escapespecialcharacters(value)
 end
- spec[#spec + 1] = option
- spec[#spec + 1] = format.escapespecialcharacters(value)
 end
 end
 function addmodule(values, mod)
 for i,value in ipairs(values) do
 if value ~= "" then
- spec[#spec + 1] = "-m "..mod
+ spec[#spec + 1] = "-m"
+ spec[#spec + 1] = mod
 break
 end
 end
@@ -149,7 +154,8 @@ local function generate_rule_specification(rule)
 addparameter(rule.value.in_interface.value, "-i", true)
 addparameter(rule.value.out_interface.value, "-o", true)
 if rule.value.fragment.value == "!" then
- spec[#spec + 1] = "! -f"
+ spec[#spec + 1] = "!"
+ spec[#spec + 1] = "-f"
 elseif rule.value.fragment.value ~= "" then
 spec[#spec + 1] = "-f"
 end
@@ -160,7 +166,7 @@ local function generate_rule_specification(rule)
 addmodule({rule.value.comment.value}, "comment")
 if rule.value.comment.value ~= "" then
 spec[#spec + 1] = "--comment"
- spec[#spec + 1] = '"' .. rule.value.comment.value .. '"'
+ spec[#spec + 1] = rule.value.comment.value
 end
 addmodule({rule.value.icmp_type.value}, "icmp")
 addparameter(rule.value.icmp_type.value, "--icmp-type", true)
@@ -182,7 +188,7 @@ local function generate_rule_specification(rule)
 addparameter(rule.value.udp_sport.value, "--sport", true)
 addparameter(rule.value.udp_dport.value, "--dport", true)
- return table.concat(spec, " ")
+ return spec
 end
 -- ################################################################################
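Review bot: In the new `else` branch of `addparameter` (first hunk) the value still goes through `format.escapespecialcharacters(value)`, while both negated branches append `string.sub(value, 2)` unescaped and the `--comment` hunk further down drops its quoting entirely. If `modelfunctions.run_executable` hands each table element to iptables as a separate argument without a shell (its implementation is not visible here, though the commit title suggests it), the escaping is a leftover that would presumably put literal escape characters into the rule, and the branches should agree: `spec[#spec + 1] = value`. If a shell is still involved, the negated branches and the comment text need the same escaping instead. Either way a one-line comment stating which layer is responsible for quoting would keep a later change from reintroducing the mismatch. `addparameter` begins above this hunk.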
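Review bot: `generate_rule_specification` now ends with `return spec`, a table, where it used to return a space-joined string, and nothing at the function says so. Only `create_rule` and `update_rule` are adjusted in this commit; any other caller outside the visible hunks that concatenates or displays the result would now receive a table, so that is worth checking. I would state the contract above the function, e.g. `-- Returns an array of iptables arguments, one token per element, suitable for run_executable`. The function's start is outside this hunk.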
@@ -478,7 +484,7 @@ function create_rule(self, rule)
 cmd[#cmd+1] = "-A"
 cmd[#cmd+1] = rule.value.chain.value
 end
- cmd[#cmd+1] = spec
+ for i,s in ipairs(spec) do cmd[#cmd+1] = s end
 rule.descr, rule.errtxt = modelfunctions.run_executable(cmd, true)
 else
 rule.errtxt = "Failed to create rule"
@@ -496,7 +502,9 @@ function update_rule(self, rule)
 if success then
 local spec = generate_rule_specification(rule)
- rule.descr, rule.errtxt = modelfunctions.run_executable({"iptables", "-t", rule.value.table.value, "-R", rule.value.chain.value, rule.value.position.value, spec}, true)
+ local cmd = {"iptables", "-t", rule.value.table.value, "-R", rule.value.chain.value, rule.value.position.value}
+ for i,s in ipairs(spec) do cmd[#cmd+1] = s end
+ rule.descr, rule.errtxt = modelfunctions.run_executable(cmd, true)
 else
 rule.errtxt = "Failed to update rule"
 end |
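Review bot: The append loop `for i,s in ipairs(spec) do cmd[#cmd+1] = s end` in `create_rule` is squeezed onto one line with an unused index, and the identical line is repeated in `update_rule` in the next hunk. A small local helper shared by both call sites would keep the argument-building logic in one place; at minimum the index should be `_`: `for _, s in ipairs(spec) do cmd[#cmd + 1] = s end`. Both functions continue outside their hunks.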