authorAlexander Poslavsky <alexander.poslavsky@gmail.com>2007-11-02 07:48:38 +0000
committerAlexander Poslavsky <alexander.poslavsky@gmail.com>2007-11-02 07:48:38 +0000
commit2f6b7570cdf277f1c3889464fd7705b089e1eac4 (patch)
tree296e0a730ac80a32f1ff4cd0e710484d93c9cf9b
parentb418c71c42d0fea752d3e686d269dec0f943d31b (diff)
downloadacf-shorewall-2f6b7570cdf277f1c3889464fd7705b089e1eac4.tar.bz2
acf-shorewall-2f6b7570cdf277f1c3889464fd7705b089e1eac4.tar.xz
shorewall directory files, show changes
git-svn-id: svn://svn.alpinelinux.org/acf/shorewall/trunk@250 ab2d0c66-481e-0410-8bed-d214d4d58bed
-rw-r--r--Makefile47
-rw-r--r--app/cfgfile/firewall.cfg55
-rw-r--r--app/shorewall-controller.lua58
-rw-r--r--app/shorewall-read-html.lsp22
-rw-r--r--app/shorewall-restart-html.lsp66
-rw-r--r--app/shorewall-start-html.lsp66
-rw-r--r--app/shorewall-stop-html.lsp66
7 files changed, 345 insertions, 35 deletions
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..01a86ba
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,47 @@
+APP_NAME=shorewall
+PACKAGE=acf-$(APP_NAME)
+VERSION=0.1
+
+APP_DIST=\
+ shorewall-controller.lua \
+ shorewall-html.lsp \
+ shorewall-read-html.lsp \
+ shorewall.menu \
+ cfgfile/firewall.cfg
+
+EXTRA_DIST=Makefile config.mk
+
+DISTFILES=$(APP_DIST) $(EXTRA_DIST)
+
+TAR=tar
+
+P=$(PACKAGE)-$(VERSION)
+tarball=$(P).tar.bz2
+install_dir=$(DESTDIR)/$(appdir)/$(APP_NAME)
+
+all:
+clean:
+ rm -rf $(tarball) $(P)
+
+dist: $(tarball)
+
+install:
+ mkdir -p "$(install_dir)"
+ cp -a $(APP_DIST) "$(install_dir)"
+
+$(tarball): $(DISTFILES)
+ rm -rf $(P)
+ mkdir -p $(P)
+ cp $(DISTFILES) $(P)
+ $(TAR) -jcf $@ $(P)
+ rm -rf $(P)
+
+# target that creates a tar package, unpacks is and install from package
+dist-install: $(tarball)
+ $(TAR) -jxf $(tarball)
+ $(MAKE) -C $(P) install DESTDIR=$(DESTDIR)
+ rm -rf $(P)
+
+include config.mk
+
+.PHONY: all clean dist install dist-install
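Review bot: APP_DIST does not match the files this commit ships. It omits `shorewall-restart-html.lsp`, `shorewall-start-html.lsp` and `shorewall-stop-html.lsp`, so the new start/stop/restart views are neither packed nor installed, and it lists `shorewall-html.lsp` and `shorewall.menu`, which are not part of this change and need to exist in the tree already. The entries are also relative to the top-level Makefile while the sources live under `app/`, so unless config.mk (not shown) sets a search path, `make dist` will not find them. `install_dir` collapses to `$(DESTDIR)//shorewall` when `appdir` is unset; a guard such as `$(if $(appdir),,$(error appdir is not set))` ahead of the install recipe would stop an install into the wrong root. Note too that `cp -a $(APP_DIST) "$(install_dir)"` flattens `cfgfile/firewall.cfg` into the application directory.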
diff --git a/app/cfgfile/firewall.cfg b/app/cfgfile/firewall.cfg
new file mode 100644
index 0000000..60ba9d6
--- /dev/null
+++ b/app/cfgfile/firewall.cfg
@@ -0,0 +1,55 @@
+--[[ cfgfile-model loads all .cfg files in this directory and
+ evaluates them by putting return ({ ... }) around file contents.
+ This file contains body of lua table with one item per config file.
+ Each item is table with following keys currently having meaning:
+ app - string that is used to group items by controller
+ section - string that is used to group items visually on page
+ name - short name that is shown to user
+ filename - filesystem path of config file
+ descr - descr, one liner
+--]]
+
+{ app="firewall", section="general",
+ name="params", filename="/etc/shorewall/params",
+ descr="Define variables used in the other configuration files." },
+{ app="firewall", section="general",
+ name="shorewall", filename="/etc/shorewall/shorewall.conf",
+ descr="Modify global configuration settings." },
+{ app="firewall", section="firewalling",
+ name="zones", filename="/etc/shorewall/zones",
+ descr="Name network partitions. Firewall rules are applied to defined zones." },
+{ app="firewall", section="firewalling",
+ name="interfaces", filename="/etc/shorewall/interfaces",
+ descr="Map physical interfaces to named zones." },
+{ app="firewall", section="firewalling",
+ name="hosts", filename="/etc/shorewall/hosts",
+ descr="Name specific hosts within zones." },
+{ app="firewall", section="firewalling",
+ name="policy", filename="/etc/shorewall/policy",
+ descr="Set default rules (policies) for zones." },
+{ app="firewall", section="firewalling",
+ name="rules", filename="/etc/shorewall/rules",
+ descr="Define exceptions to policies." },
+{ app="firewall", section="firewalling",
+ name="routestopped", filename="/etc/shorewall/routestopped",
+ descr="Define hosts that can access this host when the firewall is \"stopped\"" },
+{ app="firewall", section="firewalling",
+ name="tunnels", filename="/etc/shorewall/tunnels",
+ descr="Specify ipsec tunnel endpoints" },
+{ app="firewall", section="firewalling",
+ name="blacklist", filename="/etc/shorewall/blacklist",
+ descr="List ip addresses or names that should be denied all access to the firewall." },
+{ app="firewall", section="nat",
+ name="masq", filename="/etc/shorewall/masq",
+ descr="Define dynamic Masquerading or DNAT tables" },
+{ app="firewall", section="nat",
+ name="nat", filename="/etc/shorewall/nat",
+ descr="Define static Network Address Translation table" },
+{ app="firewall", section="qos",
+ name="tos", filename="/etc/shorewall/tos",
+ descr="Specify type of service markers for packets traversing the firewall." },
+{ app="firewall", section="qos",
+ name="tcrules", filename="/etc/shorewall/tcrules",
+ descr="Define traffic control rules." },
+
+-- /* vim: set filetype=lua : */
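Review bot: Per the header comment, every .cfg file in this directory is wrapped in `return ({ ... })` and evaluated, so this file is executable Lua rather than inert data. Anything that can write to the cfgfile directory can therefore run code in the web application's process. The install should leave the directory and its files root-owned and not group- or world-writable, and the header should say so, for example `-- NOTE: evaluated as Lua code; keep this directory writable by root only`. The entries also register every listed /etc/shorewall file for editing through the web interface, and the access check for that is not visible in this commit. Confirm that the cfgfile controller requires an authenticated administrator and resolves `filename` only from this table, never from request data.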
diff --git a/app/shorewall-controller.lua b/app/shorewall-controller.lua
index 78219b7..f1583cf 100644
--- a/app/shorewall-controller.lua
+++ b/app/shorewall-controller.lua
@@ -9,9 +9,13 @@ end
mvc={}
mvc.on_load = function(self, parent)
--TODO: This needs to be looked at
+ --there has to be cute, standard way of loading models into controller
self.cfgfile = self:soft_require("cfgfile-model")
setmetatable(self.cfgfile, self.cfgfile)
self.cfgfile.__index = self.worker
+ self.service = self:soft_require("service-model")
+ setmetatable(self.service, self.service)
+ self.service.__index = self.worker
if (self.worker[self.conf.action] == nil) or (self.conf.action == "init") then
self.worker[self.conf.action] = list_redir(self)
end
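Review bot: The result of `self:soft_require("service-model")` is used without a nil check. If the helper returns nil when the module is missing, as its name suggests, `setmetatable(self.service, self.service)` raises inside on_load and the controller fails with an unrelated-looking error. A guard such as `if not self.service then error("service-model not available") end` makes the failure explicit, and the cfgfile lines above it need the same. The load-and-chain sequence is now written out twice, which the added comment acknowledges; a small local helper would keep the two copies from drifting. on_load starts before and continues past this hunk.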
@@ -58,41 +62,41 @@ update = function(self)
value = data}
end
---This is a work in progress, do not review
-local function mkCtlRet(self)
- return {
+local function service(self, action)
+ local id = tonumber(self.clientdata.id) or -1
+ local svc = self.service:list("firewall")
+ local ret = {
script=ENV["SCRIPT_NAME"],
prefix=self.conf.prefix,
controller = self.conf.controller,
- action={
- { name="restart", label="Restart" },
- { name="start", label="Start" },
- { name="stop", label="Stop" },
- { name="reload", label="Reload", disabled=true },
- },
- title="Shorewall",
- text={}
+ action={},
+ title="Firewall",
+ text={},
+ active={ id=id }
}
-end
-
-restart = function(self)
- ret = mkCtlRet(self)
- if self.clientdata.restart then
- ret.active = "restart"
- local f = io.popen("/etc/init.d/shorewall restart", "r")
- if f then
- local out = f:read("*a")
- f:close()
- ret.text[#ret.text + 1] = { label="Restarting", content=out }
- else
- ret.text[#ret.text + 1] = {
- label="Error", content="Cannot run /etc/init.d/shorewall"
+ for i,s in pairs(svc) do
+ for i,a in ipairs(s.actions) do
+ ret.action[#ret.action + 1] = {
+ name = a,
+ section = s.name .. " (" .. tostring(s.status) .. ")",
+ id = s.id,
+ label = a,
}
end
end
+ if self.clientdata[action] then
+ local result, report = self.service:update(id, action)
+ local label = "Error"
+ if result then
+ ret.active.action = action
+ label = "Report"
+ end
+ ret.text[#ret.text + 1] = { label=label, content=report }
+ end
return ret
end
---create = update
---delete = update
+start = function(self) return service(self, "start") end
+stop = function(self) return service(self, "stop") end
+restart = function(self) return service(self, "restart") end
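Review bot: In `service`, the request-supplied `id` goes straight to `self.service:update(id, action)` without being checked against the `svc` list that was just fetched for "firewall". If service-model ids are shared across applications (not visible here), this controller can act on services it never offered, and an action that a service does not advertise in `s.actions` is also accepted. The fix is to record, while building `ret.action`, whether the requested id/action pair was among the offered ones, and to call `update` only then. Separately, `self.clientdata[action]` is the only trigger for a state change; if clientdata also carries query-string parameters, the handler should additionally require POST and an anti-forgery token before stopping or restarting the firewall. The inner loop reuses `i` from the outer loop; `_` would be clearer for both.

```lua
	-- … unchanged: id, svc and ret construction …
	local offered = false
	for _,s in pairs(svc) do
		for _,a in ipairs(s.actions) do
			-- … unchanged: append entry to ret.action …
			if tonumber(s.id) == id and a == action then
				offered = true
			end
		end
	end
	if self.clientdata[action] then
		local result, report
		if offered then
			result, report = self.service:update(id, action)
		else
			report = "Unknown service or action"
		end
		-- … unchanged: label selection and append to ret.text …
	end
```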
diff --git a/app/shorewall-read-html.lsp b/app/shorewall-read-html.lsp
index cf73662..c4732a0 100644
--- a/app/shorewall-read-html.lsp
+++ b/app/shorewall-read-html.lsp
@@ -1,18 +1,24 @@
-<?
-local view = ...
-?><h1>Edit</h1><table border=0><?
-local sct=""
+<? local view = ... ?>
+
+<? --Status Block
+
+?>
+
+<h1>Edit</h1>
+<table border=0>
+<? local sct=""
for i,item in ipairs(view.list) do
if item.section ~= sct then
- ?><tr><td colspan='2'><h2><?= item.section ?></td></tr><?
+ ?><tr><td colspan='3'><h2><?= item.section ?></td></tr><?
sct = item.section
end
- ?><tr><td><?= html.link{
+ ?><tr><td><?= item.status or '' ?><?
+ ?><td><?= html.link{
value = view.script .. view.prefix .. view.controller .. "/"
.. view.action .. "?id=" .. tostring(item.id),
label=item.name
}
?></td><td><?= item.descr
?></td></tr><?
-end
-?></table>
+end ?>
+</table>
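Review bot: The added status cell is opened with `<td>` but never closed before the next `<td>`, so the row relies on the browser's error recovery; the line should read `?><tr><td><?= item.status or '' ?></td><?`. `item.status` is also written through `<?=` with no visible HTML escaping, as are `item.section` and `item.descr` in the surrounding lines. If `<?=` does not escape and the status text ever comes from a service script rather than a fixed table, it should pass through the html library's escaping helper first. The `--Status Block` section is empty and could be dropped until it has content.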
diff --git a/app/shorewall-restart-html.lsp b/app/shorewall-restart-html.lsp
new file mode 100644
index 0000000..2daa4bc
--- /dev/null
+++ b/app/shorewall-restart-html.lsp
@@ -0,0 +1,66 @@
+<?
+local view = ...
+
+local function packURL(script, prefix, controller, action, extra)
+ ret = script .. "/" .. prefix .. controller .. "/" .. action
+ sep = '?'
+ for k,v in pairs(extra) do
+ ret = ret .. sep .. k .. '=' .. v
+ sep = '&'
+ end
+ return ret
+end
+
+--[[
+view
+ script, prefix, controller
+ action[]
+ name, script, prefix, controller
+ section
+ id
+ label
+ disabled
+ active
+ id
+ action
+ title
+ text[]
+ label
+ content
+--]]
+?><h1><?= view.title
+?></h1><?
+
+local section = ""
+for i,item in ipairs(view.action) do
+ if section ~= item.section then
+ section = item.section
+ ?><h2><?= section ?></h2><?
+ end
+ if item.disabled then
+ ?><i><?= item.label or item.name ?></i><?
+ else
+ ?><?= html.form.start {
+ method="POST",
+ action = packURL(item.script or view.script,
+ item.prefix or view.prefix,
+ item.controller or view.controller,
+ item.name, {})
+ } ?><?= html.form.hidden { name="id", value=item.id } ?><?
+ local label = (item.label or item.name)
+ if item.id == view.active.id and item.name == view.active.action then
+ label = '['..label..']'
+ end
+ ?><?= html.form.submit {
+ name = item.name, value = label
+ } ?><?= html.form.stop() ?><?
+ end
+end
+for i,item in ipairs(view.text) do
+ if item.label then
+ ?><h2><?= item.label ?></h2><?
+ end
+ ?><pre><?= item.content ?></pre><?
+end
+-- vim: set filetype=lua :
+?>
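Review bot: `<pre><?= item.content ?></pre>` writes the report returned by the service call into the page with no visible HTML escaping, and `item.label`, `section` and `view.title` are emitted the same way. Since `content` is the output of an init script, any `<` or `&` in it will be interpreted as markup, so it should go through the html library's escaping helper unless `<?=` already escapes. In `packURL`, `ret` and `sep` are assigned without `local` and leak into the global environment shared by every view; they should be `local ret = script .. "/" .. prefix .. controller .. "/" .. action` and `local sep = '?'`, and `k` and `v` should be URL-encoded before concatenation. The start and stop views added below are byte-identical to this file (same blob 2daa4bc), so the same points apply there, and a single shared template would avoid fixing them three times.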
diff --git a/app/shorewall-start-html.lsp b/app/shorewall-start-html.lsp
new file mode 100644
index 0000000..2daa4bc
--- /dev/null
+++ b/app/shorewall-start-html.lsp
@@ -0,0 +1,66 @@
+<?
+local view = ...
+
+local function packURL(script, prefix, controller, action, extra)
+ ret = script .. "/" .. prefix .. controller .. "/" .. action
+ sep = '?'
+ for k,v in pairs(extra) do
+ ret = ret .. sep .. k .. '=' .. v
+ sep = '&'
+ end
+ return ret
+end
+
+--[[
+view
+ script, prefix, controller
+ action[]
+ name, script, prefix, controller
+ section
+ id
+ label
+ disabled
+ active
+ id
+ action
+ title
+ text[]
+ label
+ content
+--]]
+?><h1><?= view.title
+?></h1><?
+
+local section = ""
+for i,item in ipairs(view.action) do
+ if section ~= item.section then
+ section = item.section
+ ?><h2><?= section ?></h2><?
+ end
+ if item.disabled then
+ ?><i><?= item.label or item.name ?></i><?
+ else
+ ?><?= html.form.start {
+ method="POST",
+ action = packURL(item.script or view.script,
+ item.prefix or view.prefix,
+ item.controller or view.controller,
+ item.name, {})
+ } ?><?= html.form.hidden { name="id", value=item.id } ?><?
+ local label = (item.label or item.name)
+ if item.id == view.active.id and item.name == view.active.action then
+ label = '['..label..']'
+ end
+ ?><?= html.form.submit {
+ name = item.name, value = label
+ } ?><?= html.form.stop() ?><?
+ end
+end
+for i,item in ipairs(view.text) do
+ if item.label then
+ ?><h2><?= item.label ?></h2><?
+ end
+ ?><pre><?= item.content ?></pre><?
+end
+-- vim: set filetype=lua :
+?>
diff --git a/app/shorewall-stop-html.lsp b/app/shorewall-stop-html.lsp
new file mode 100644
index 0000000..2daa4bc
--- /dev/null
+++ b/app/shorewall-stop-html.lsp
@@ -0,0 +1,66 @@
+<?
+local view = ...
+
+local function packURL(script, prefix, controller, action, extra)
+ ret = script .. "/" .. prefix .. controller .. "/" .. action
+ sep = '?'
+ for k,v in pairs(extra) do
+ ret = ret .. sep .. k .. '=' .. v
+ sep = '&'
+ end
+ return ret
+end
+
+--[[
+view
+ script, prefix, controller
+ action[]
+ name, script, prefix, controller
+ section
+ id
+ label
+ disabled
+ active
+ id
+ action
+ title
+ text[]
+ label
+ content
+--]]
+?><h1><?= view.title
+?></h1><?
+
+local section = ""
+for i,item in ipairs(view.action) do
+ if section ~= item.section then
+ section = item.section
+ ?><h2><?= section ?></h2><?
+ end
+ if item.disabled then
+ ?><i><?= item.label or item.name ?></i><?
+ else
+ ?><?= html.form.start {
+ method="POST",
+ action = packURL(item.script or view.script,
+ item.prefix or view.prefix,
+ item.controller or view.controller,
+ item.name, {})
+ } ?><?= html.form.hidden { name="id", value=item.id } ?><?
+ local label = (item.label or item.name)
+ if item.id == view.active.id and item.name == view.active.action then
+ label = '['..label..']'
+ end
+ ?><?= html.form.submit {
+ name = item.name, value = label
+ } ?><?= html.form.stop() ?><?
+ end
+end
+for i,item in ipairs(view.text) do
+ if item.label then
+ ?><h2><?= item.label ?></h2><?
+ end
+ ?><pre><?= item.content ?></pre><?
+end
+-- vim: set filetype=lua :
+?>