-rw-r--r--iptables-editrule-html.lsp4
-rw-r--r--iptables-model.lua38
2 files changed, 42 insertions, 0 deletions
diff --git a/iptables-editrule-html.lsp b/iptables-editrule-html.lsp
index 6412039..4f7ba0b 100644
--- a/iptables-editrule-html.lsp
+++ b/iptables-editrule-html.lsp
@@ -47,6 +47,10 @@ displayformitem(form.value.sports)
displayformitem(form.value.dports)
displayformitem(form.value.ports)
displayformitem(form.value.state)
+displayformitem(form.value.tcp_sport)
+displayformitem(form.value.tcp_dport)
+displayformitem(form.value.udp_sport)
+displayformitem(form.value.udp_dport)
%>
</DL><H2><%= form.option %></H2>
<% displayformend(form) %>
diff --git a/iptables-model.lua b/iptables-model.lua
index 67304b7..e883752 100644
--- a/iptables-model.lua
+++ b/iptables-model.lua
@@ -110,6 +110,10 @@ local function validate_rule(rule)
basiccheck(rule.value.dports)
basiccheck(rule.value.ports)
basiccheck(rule.value.state)
+ basiccheck(rule.value.tcp_sport)
+ basiccheck(rule.value.tcp_dport)
+ basiccheck(rule.value.udp_sport)
+ basiccheck(rule.value.udp_dport)
return success, rule
end
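Review bot: The four new port fields in validate_rule get only `basiccheck`, whose body is outside this hunk, so nothing visible here checks them against the format the form text promises (a port, a port:port range or a service name, optionally preceded by '!'). These values come from the edit form and are placed verbatim into the rule specification by generate_rule_specification. An allow-list test per field would keep whitespace and other stray characters out of the generated rule, for example `string.match(v, "^!?[%w:_%-]+$")` for a non-empty value `v`, flagged as invalid the same way basiccheck reports a failure. Adjust the pattern if a space after '!' is meant to be accepted. validate_rule starts before the hunk.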
@@ -173,6 +177,12 @@ local function generate_rule_specification(rule)
addparameter(rule.value.ports.value, "--ports", false)
addmodule({rule.value.state.value}, "state")
addparameter(rule.value.state.value, "--state")
+ addmodule({rule.value.tcp_sport.value, rule.value.tcp_dport.value}, "tcp")
+ addparameter(rule.value.tcp_sport.value, "--sport", false)
+ addparameter(rule.value.tcp_dport.value, "--dport", false)
+ addmodule({rule.value.udp_sport.value, rule.value.udp_dport.value}, "udp")
+ addparameter(rule.value.udp_sport.value, "--sport", false)
+ addparameter(rule.value.udp_dport.value, "--dport", false)
return table.concat(spec, " ")
end
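Review bot: Nothing in the added lines stops a rule from carrying both TCP and UDP port values, in which case the specification contains `-m tcp --sport … -m udp --sport …`, which iptables will not accept as a single rule. The tcp and udp matches also need the matching `-p` protocol, and the hunk does not show whether the protocol field is tied to these new fields. I would reject the combination in validate_rule and record the constraint here with a comment such as `-- tcp_* and udp_* are mutually exclusive and require the matching -p protocol`. generate_rule_specification starts before the hunk, so an existing guard elsewhere cannot be ruled out.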
@@ -349,6 +359,10 @@ function read_rule(tab, chain, pos)
retval.dports = cfe({ label="Destination Ports", descr="Up to 15 comma-separated ports can be specified. Port ranges (port:port) count as two ports. A '!' before the port definition inverts the test." })
retval.ports = cfe({ label="Ports", descr="Up to 15 comma-separated ports can be specified. Port ranges (port:port) count as two ports. A '!' before the port definition inverts the test." })
retval.state = cfe({ label="State", descr="Comma-separated list of states to match. Possible states are INVALID, ESTABLISHED, NEW, and RELATED." })
+ retval.tcp_sport = cfe({ label="TCP Source Port", descr="A port or port range (port:port) specification. This can either be a service name or port number. A '!' before the port definition inverts the test." })
+ retval.tcp_dport = cfe({ label="TCP Destination Port", descr="A port or port range (port:port) specification. This can either be a service name or port number. A '!' before the port definition inverts the test." })
+ retval.udp_sport = cfe({ label="UDP Source Port", descr="A port or port range (port:port) specification. This can either be a service name or port number. A '!' before the port definition inverts the test." })
+ retval.udp_dport = cfe({ label="UDP Destination Port", descr="A port or port range (port:port) specification. This can either be a service name or port number. A '!' before the port definition inverts the test." })
getdetails()
if tab and not details[tab] then
@@ -435,6 +449,30 @@ function read_rule(tab, chain, pos)
elseif words[i] == "state" then
retval.state.value = words[i+1]
i = i+1
+ elseif words[i] == "tcp" then
+ while true do
+ if string.match(words[i+1], "^spt") then
+ retval.tcp_sport.value = string.match(words[i+1], ":(.+)$")
+ i = i+1
+ elseif string.match(words[i+1], "^dpt") then
+ retval.tcp_dport.value = string.match(words[i+1], ":(.+)$")
+ i = i+1
+ else
+ break
+ end
+ end
+ elseif words[i] == "udp" then
+ while words[i+1] do
+ if string.match(words[i+1], "^spt") then
+ retval.udp_sport.value = string.match(words[i+1], ":(.+)$")
+ i = i+1
+ elseif string.match(words[i+1], "^dpt") then
+ retval.udp_dport.value = string.match(words[i+1], ":(.+)$")
+ i = i+1
+ else
+ break
+ end
+ end
end
i = i+1
end
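Review bot: The `tcp` branch loops with `while true do` and calls `string.match(words[i+1], "^spt")` without checking that `words[i+1]` exists. If `tcp` is the last word of the parsed line, `string.match` receives nil and raises an error, so read_rule aborts. The `udp` branch below already guards against this, and the tcp loop should use the same header: `while words[i+1] do`. Separately, in both branches a token that starts with `spt` or `dpt` but has no colon sets the field's value to nil, because `string.match(words[i+1], ":(.+)$")` finds no match; confirm that later code tolerates a nil value. read_rule begins and continues outside this hunk.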