author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2016-07-30 14:05:17 +0300 |
---|---|---|
committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2016-07-30 14:05:17 +0300 |
commit | 27e02c3343181f5013a16cfc9c8b6c31faaa8d57 (patch) | |
tree | 5a7922aa38701ad35a0cc1ca37ef5dc50dac90da | |
parent | 4ff16c6874eae2191c2b729a11501c563a9aace9 (diff) | |
TTL adjustment rules
-rw-r--r-- | README.md | 11 | ||||
-rw-r--r-- | awall/modules/ttl.lua | 39 |
2 files changed, 50 insertions, 0 deletions
@@ -472,6 +472,17 @@ attribute named **classify**, must specify the class using the **class** attribute. These rules apply to the both directions of the matching traffic. +#### TTL Adjustment Rules + +TTL adjustment rules are used to set the TTL field of the IPv4 packets +matching the specified criteria. The TTL adjustment rules are contained +in the top-level list attribute named **ttl** and define an attribute +named **ttl**. If the value is a non-negative integer, the TTL of the +packet is set to the value. If it is a negative integer, the TTL value +is decremented accordingly. The TTL value can be incremented by a +constant by setting the attribute value to a string representing a +positive integer, prepended with the plus sign (**+**). + #### Transparent Proxy Rules Transparent proxy rules divert the matching packets to a local proxy
diff --git a/awall/modules/ttl.lua b/awall/modules/ttl.lua
new file mode 100644
index 0000000..3a1da36
--- /dev/null
+++ b/awall/modules/ttl.lua
@@ -0,0 +1,39 @@
+--[[
+TTL adjustment module for Alpine Wall
+Copyright (C) 2012-2016 Kaarle Ritvanen
+See LICENSE file for license details
+]]--
+
+
+local model = require('awall.model')
+
+
+local TTLRule = model.class(model.Rule)
+
+function TTLRule:trules()
+ local res = {}
+ for _, rule in ipairs(TTLRule.super(self):trules()) do
+ if rule.family == 'inet' then table.insert(res, rule) end
+ end
+ return res
+end
+
+function TTLRule:table() return 'mangle' end
+
+function TTLRule:target()
+ if not self.ttl then self:error('TTL not specified') end
+
+ if type(self.ttl) == 'string' then
+ if self.ttl:sub(1, 1) == '+' then
+ return 'TTL --ttl-inc '..self.ttl:sub(2, -1)
+ else self.ttl = tonumber(self.ttl) end
+ end
+ if type(self.ttl) ~= 'number' then
+ self:error('Invalid TTL specification')
+ end
+
+ return 'TTL --ttl-'..(self.ttl < 0 and 'dec' or 'set')..' '..
+ math.abs(self.ttl)
+end
+
+return {export={ttl={class=TTLRule}}} |
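Review bot: In `TTLRule:target()` the `+` branch returns `'TTL --ttl-inc '..self.ttl:sub(2, -1)` without checking that the remainder is a decimal integer, so whatever follows the plus sign in the policy value is copied verbatim into the generated iptables target string. The numeric path has a related gap: `tonumber` accepts fractional values and nothing bounds the result to the 8-bit TTL range (0–255), so an invalid value is presumably only noticed when the rule set is loaded. I would anchor the increment with a pattern, reject non-integers and magnitudes above 255 before building the string, and stop overwriting `self.ttl` as a side effect of `target()`. The sketch below assumes `self:error` raises, as the existing 'TTL not specified' check already relies on.

```lua
function TTLRule:target()
  -- … unchanged: 'TTL not specified' check …

  local mode, value = 'set', self.ttl
  if type(value) == 'string' then
    -- accept only "+<digits>" as an increment; anything else must parse as a number
    local inc = value:match('^%+(%d+)$')
    if inc then mode, value = 'inc', tonumber(inc)
    else value = tonumber(value) end
  end
  -- TTL is an 8-bit field: require an integer with magnitude 0..255
  if type(value) ~= 'number' or value % 1 ~= 0 or math.abs(value) > 255 then
    self:error('Invalid TTL specification')
  end
  if value < 0 then mode, value = 'dec', -value end

  return 'TTL --ttl-'..mode..' '..string.format('%d', value)
end
```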