author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2012-03-22 11:44:59 +0000 |
---|---|---|
committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2012-03-22 11:44:59 +0000 |
commit | 42909321d7cab06239486e9041490386f4bd6dc1 (patch) | |
tree | 19f408eb852b50ef97c9de095e37696116fe0e93 | |
parent | 9825fc4d4e098c48de28eddbd0110dd42d196945 (diff) | |
iptables module: use class model, new class for run-time backups
-rw-r--r-- | awall/init.lua | 2 | ||||
-rw-r--r-- | awall/iptables.lua | 64 |
2 files changed, 47 insertions, 19 deletions
diff --git a/awall/init.lua b/awall/init.lua
index 93810e3..fa5c3e5 100644
--- a/awall/init.lua
+++ b/awall/init.lua
@@ -35,7 +35,7 @@ Config = awall.object.class(awall.object.Object)
 function Config:init(confdirs)
 self.input = {}
- self.iptables = awall.iptables.new()
+ self.iptables = awall.iptables.IPTables.new()
 for i, dir in ipairs(confdirs or {'/usr/share/awall', '/etc/awall'}) do
 local fnames = {}
diff --git a/awall/iptables.lua b/awall/iptables.lua
index 67ed7a1..e127e96 100644
--- a/awall/iptables.lua
+++ b/awall/iptables.lua
@@ -9,29 +9,47 @@ module(..., package.seeall)
 require 'lpc'
+require 'awall.object'
 require 'awall.util'
-contains = awall.util.contains
-local families = {inet={cmd='iptables-restore', file='rules-save'},
- inet6={cmd='ip6tables-restore', file='rules6-save'}}
+local class = awall.object.class
+local contains = awall.util.contains
+
+
+local families = {inet={cmd='iptables', file='rules-save'},
+ inet6={cmd='ip6tables', file='rules6-save'}}
 local builtin = {'INPUT', 'FORWARD', 'OUTPUT', 'PREROUTING', 'POSTROUTING'}
-local IPTables = {}
-function new()
- local config = {}
- setmetatable(config,
+local BaseIPTables = class(awall.object.Object)
+
+function BaseIPTables:restore(...)
+ for family, params in pairs(families) do
+ local pid, stdin, stdout = lpc.run(params.cmd..'-restore', unpack(arg))
+ stdout:close()
+ self:dumpfile(family, stdin)
+ stdin:close()
+ assert(lpc.wait(pid) == 0)
+ end
+end
+
+function BaseIPTables:activate() self:restore() end
+
+function BaseIPTables:test() self:restore('-t') end
+
+
+IPTables = class(BaseIPTables)
+
+function IPTables:init()
+ self.config = {}
+ setmetatable(self.config,
 {__index=function(t, k)
 t[k] = {}
 setmetatable(t[k], getmetatable(t))
 return t[k]
 end})
-
- local res = {config=config}
- setmetatable(res, {__index=IPTables})
- return res
 end
 function IPTables:dumpfile(family, iptfile)
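Review bot: In `BaseIPTables:restore`, the bare `assert(lpc.wait(pid) == 0)` aborts the loop at the first family whose restore fails, so a failure on the second family leaves the first one already loaded and the two rulesets out of step; `pairs(families)` gives no fixed order for which one that is. The caller would need to roll back from a `Backup` taken beforehand, which is worth stating in a comment above `restore`, and the assert should say what failed: `assert(lpc.wait(pid) == 0, params.cmd..'-restore failed')`. The return values of `lpc.run` are used unchecked, so a failure to start the command would presumably surface as an error on `stdout:close()` rather than a clear message. `unpack(arg)` depends on Lua 5.1's implicit `arg` table; passing `...` straight to `lpc.run` does the same without it.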
@@ -51,17 +69,27 @@ function IPTables:dumpfile(family, iptfile)
 end
 end
-function IPTables:test()
+function IPTables:dump(dir)
 for family, tbls in pairs(self.config) do
- local pid, stdin = lpc.run(families[family].cmd, '-t')
- self:dumpfile(family, stdin)
+ self:dumpfile(family, io.output(dir..'/'..families[family].file))
+ end
+end
+
+
+Backup = class(BaseIPTables)
+
+function Backup:init()
+ for family, params in pairs(families) do
+ self[family] = io.tmpfile()
+ local pid, stdin, stdout = lpc.run(params.cmd..'-save')
 stdin:close()
+ for line in stdout:lines() do self[family]:write(line..'\n') end
+ stdout:close()
 assert(lpc.wait(pid) == 0)
 end
 end
-function IPTables:dump(dir)
- for family, tbls in pairs(self.config) do
- self:dumpfile(family, io.output(dir..'/'..families[family].file))
- end
+function Backup:dumpfile(family, iptfile)
+ self[family]:seek('set')
+ for line in self[family]:lines() do iptfile:write(line..'\n') end
 end |
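Review bot: `Backup:init` never checks `io.tmpfile()` or the `write` calls, so a full or unwritable temp directory gives either a nil-index error or a silently truncated snapshot that `Backup:dumpfile` would later feed to the restore command as if it were complete. Suggest `self[family] = assert(io.tmpfile())` and `assert(self[family]:write(line..'\n'))` inside the loop, so a bad backup fails at creation time instead of at rollback. Separately, `IPTables:dump` passes `io.output(path)` as the target, which also redirects the default output file and leaves the handle open; opening with `assert(io.open(path, 'w'))` and closing it after `dumpfile` would avoid both and make sure the saved rules are flushed.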