author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2012-03-16 09:20:54 +0000 |
---|---|---|
committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2012-03-16 09:20:54 +0000 |
commit | 3b9746f7d67b34e7fbfdda10f63fb2d60813c31d (patch) | |
tree | 38c8a5009a81075a272a41bd9e34b1046ccf6e1f | |
parent | af3b5a48cd65b6c47d48187c262a207ccece982b (diff) | |
multiple ipsets per rule
-rw-r--r-- | awall/model.lua | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/awall/model.lua b/awall/model.lua
index 0f37b59..92cb471 100644
--- a/awall/model.lua
+++ b/awall/model.lua
@@ -276,19 +276,23 @@ function Rule:trules()
 local res = self:zoneoptfrags()
 if self.ipset then
- if not self.ipset.name then error('Set name not defined') end
- if not self.ipset.args then
- error('Set direction arguments not defined')
- end
+ local ipsetofrags = {}
+ for i, ipset in util.listpairs(self.ipset) do
+ if not ipset.name then error('Set name not defined') end
+ if not ipset.args then
+ error('Set direction arguments not defined')
+ end
- local setopts = '-m set --match-set '..self.ipset.name..' '
- for i, arg in util.listpairs(self.ipset.args) do
- if i > 1 then setopts = setopts..',' end
- if arg == 'in' then setopts = setopts..'src'
- elseif arg == 'out' then setopts = setopts..'dst'
- else error('Invalid set direction argument') end
+ local setopts = '-m set --match-set '..ipset.name..' '
+ for i, arg in util.listpairs(ipset.args) do
+ if i > 1 then setopts = setopts..',' end
+ if arg == 'in' then setopts = setopts..'src'
+ elseif arg == 'out' then setopts = setopts..'dst'
+ else error('Invalid set direction argument') end
+ end
+ table.insert(ipsetofrags, {opts=setopts})
 end
- res = combinations(res, {{opts=setopts}})
+ res = combinations(res, ipsetofrags)
 end
 if self.ipsec then |
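Review bot: `ipset.name` is still concatenated unchecked into the option string at `'-m set --match-set '..ipset.name..' '`, and the new loop now does this for every entry of the list, so a name containing whitespace would add extra words to the generated match options. If policy files can be templated or come from a source less trusted than the firewall host, a check right after the existing name test would close that, e.g. `if not string.match(ipset.name, '^[%w_.:-]+$') then error('Invalid set name') end`, with the character class adjusted to whatever set names the project allows. Separately, an empty `ipset` list is truthy in Lua and presumably leaves `ipsetofrags` empty; what `combinations(res, {})` returns is not visible here, so it is worth confirming that such a rule is rejected with an error rather than silently dropped or emitted without the set match. The body of `Rule:trules` starts and ends outside this hunk.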