authorKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2014-03-31 16:31:42 +0300
committerKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2014-03-31 16:31:54 +0300
commit26bf38cd2e24b2d6c352d6c9bb61310ec72fd404 (patch)
treecc7fe16ddcd1431c7a1a41e962750ff41bf9ce96
parentb2a61c87b757f989c8c76c31ee3580f4dce1a111 (diff)
downloadawall-26bf38cd2e24b2d6c352d6c9bb61310ec72fd404.tar.bz2
awall-26bf38cd2e24b2d6c352d6c9bb61310ec72fd404.tar.xz
include/exclude actions in dnat, snat, and no-track rules
-rw-r--r--awall/model.lua13
-rw-r--r--awall/modules/filter.lua4
-rw-r--r--awall/modules/nat.lua20
-rw-r--r--awall/modules/notrack.lua5
4 files changed, 25 insertions, 17 deletions
diff --git a/awall/model.lua b/awall/model.lua
index 90fb26f..0ab60fd 100644
--- a/awall/model.lua
+++ b/awall/model.lua
@@ -341,9 +341,16 @@ function Rule:table() return 'filter' end
function Rule:position() return 'append' end
function Rule:target()
- if not self.action then self:error('Action not defined') end
- if self.action == 'accept' then return 'ACCEPT' end
- self:error('Invalid action: '..self.action)
+ -- alpine v2.7 compatibility
+ if self.action == 'accept' then
+ self:warning("'accept' action deprecated in favor of 'exclude'")
+ self.action = 'exclude'
+ end
+
+ if self.action == 'exclude' then return 'ACCEPT' end
+ if self.action and self.action ~= 'include' then
+ self:error('Invalid action: '..self.action)
+ end
end
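Review bot: `Rule:target()` now returns nil for both an unset action and `'include'`, where the removed code raised 'Action not defined', and nothing in the hunk documents that callers must supply a default target. NATRule:target and NoTrackRule:target in this commit do handle nil, but any other subclass calling `model.Rule.target(self)` (none visible here) would now get nil instead of an error for a rule whose action was forgotten. I would add a comment above the function such as `-- returns 'ACCEPT' for exclude, nil for include/unset; the caller supplies the default target`. The compatibility branch also rewrites `self.action` in place, which deserves a mention in that comment because the method otherwise reads as a pure getter.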
diff --git a/awall/modules/filter.lua b/awall/modules/filter.lua
index a5e2ff2..15bac49 100644
--- a/awall/modules/filter.lua
+++ b/awall/modules/filter.lua
@@ -176,10 +176,10 @@ end
function Filter:actiontarget()
if self.action == 'tarpit' then return 'tarpit' end
- if util.contains({'drop', 'reject'}, self.action) then
+ if util.contains({'accept', 'drop', 'reject'}, self.action) then
return string.upper(self.action)
end
- return model.Rule.target(self)
+ self:error('Invalid filter action: '..self.action)
end
function Filter:target()
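Review bot: The new fallback `self:error('Invalid filter action: '..self.action)` concatenates `self.action` without a nil check. A filter rule with no action would therefore stop with Lua's "attempt to concatenate a nil value" instead of a policy error, now that the base method's 'Action not defined' check is no longer reached from here. Whether the action can be nil at this point depends on defaults set outside the hunk; if it can, `self:error('Invalid filter action: '..tostring(self.action))` keeps the diagnostic readable. 'accept' also stays a first-class filter action here while `Rule:target()` deprecates it for other rule types, so a one-line comment saying that is intentional would help the next reader.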
diff --git a/awall/modules/nat.lua b/awall/modules/nat.lua
index 8eefc72..4d2ba42 100644
--- a/awall/modules/nat.lua
+++ b/awall/modules/nat.lua
@@ -1,6 +1,6 @@
--[[
NAT module for Alpine Wall
-Copyright (C) 2012-2013 Kaarle Ritvanen
+Copyright (C) 2012-2014 Kaarle Ritvanen
See LICENSE file for license details
]]--
@@ -41,17 +41,19 @@ end
function NATRule:table() return 'nat' end
function NATRule:target()
- if self.action then return model.Rule.target(self) end
+ local target = model.Rule.target(self)
- local addr = self['to-addr']
- local target
- if addr then
- target = self.params.target..' --to-'..self.params.subject..' '..addr
- else target = self.params.deftarget end
+ if not target then
+ local addr = self['to-addr']
+ if addr then
+ target = self.params.target..' --to-'..self.params.subject..' '..addr
+ else target = self.params.deftarget end
- if self['to-port'] then
- target = target..(addr and ':' or ' --to-ports ')..self['to-port']
+ if self['to-port'] then
+ target = target..(addr and ':' or ' --to-ports ')..self['to-port']
+ end
end
+
return target
end
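Review bot: When `model.Rule.target(self)` returns 'ACCEPT' for an excluded rule, `to-addr` and `to-port` are dropped without any diagnostic. A NAT rule that carries both an exclude action and a translation address is then accepted untranslated, with nothing to tell the administrator. A warning before the `if not target` block would surface that misconfiguration, for example `if target and (self['to-addr'] or self['to-port']) then self:warning('to-addr/to-port ignored for excluded rule') end`. Separately, both values are concatenated into the target string as given; any validation of them happens outside this hunk.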
diff --git a/awall/modules/notrack.lua b/awall/modules/notrack.lua
index 7aef96f..0a2d402 100644
--- a/awall/modules/notrack.lua
+++ b/awall/modules/notrack.lua
@@ -1,6 +1,6 @@
--[[
Connection tracking bypass module for Alpine Wall
-Copyright (C) 2012-2013 Kaarle Ritvanen
+Copyright (C) 2012-2014 Kaarle Ritvanen
See LICENSE file for license details
]]--
@@ -17,8 +17,7 @@ local NoTrackRule = model.class(model.Rule)
function NoTrackRule:table() return 'raw' end
function NoTrackRule:target()
- if self.action then return model.Rule.target(self) end
- return 'CT --notrack'
+ return model.Rule.target(self) or 'CT --notrack'
end