-rwxr-xr-x | awall-cli | 3 | ||||
-rw-r--r-- | awall/init.lua | 25 | ||||
-rw-r--r-- | awall/ipset.lua | 39 | ||||
-rw-r--r-- | awall/iptables.lua | 23 | ||||
-rw-r--r-- | awall/model.lua | 4 |
5 files changed, 73 insertions, 21 deletions
@@ -25,4 +25,5 @@ if testmode then awall.ipsfile = 'output/ipset' end
-awall.translate()
+awall.test()
+awall.dump()
diff --git a/awall/init.lua b/awall/init.lua
index 214551a..09c35c1 100644
--- a/awall/init.lua
+++ b/awall/init.lua
@@ -10,6 +10,7 @@ require 'json'
 require 'lfs'
 require 'stringy'
+require 'awall.ipset'
 require 'awall.iptables'
 require 'awall.model'
 require 'awall.util'
@@ -33,9 +34,11 @@ function loadmodules(path)
 end
-function translate()
+local function readconfig()
 config = {}
+ awall.model.reset()
+ awall.iptables.reset()
 for i, dir in ipairs(confdirs) do
 local fnames = {}
@@ -117,18 +120,16 @@ function translate()
 for i, trule in ipairs(rule:trules()) do insertrule(trule) end
 end
 end
+end
+function dump()
+ readconfig()
+ awall.ipset.dump(ipsfile)
 awall.iptables.dump(iptdir)
+end
- if config.ipset then
- local ips = io.output(ipsfile)
- for name, params in pairs(config.ipset) do
- if not params.type then error('Type not defined for set '..name) end
- local line = 'create '..name..' '..params.type
- if params.family then line = line..' family '..params.family end
- ips:write(line..'\n')
- end
- ips:close()
- end
-
+function test()
+ readconfig()
+ awall.ipset.create()
+ awall.iptables.test()
 end
diff --git a/awall/ipset.lua b/awall/ipset.lua
new file mode 100644
index 0000000..baff404
--- /dev/null
+++ b/awall/ipset.lua
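Review bot: `test()` and `dump()` each call `readconfig()`, so the CLI's `awall.test()` followed by `awall.dump()` parses the configuration twice and rebuilds the model and iptables state in between; the ruleset that passed `iptables-restore -t` is therefore not guaranteed to be the one written out if a configuration file changes between the two calls. Consider loading once (a shared entry point both functions reuse, or having `dump()` skip `readconfig()` when state is already loaded), or at least documenting the re-read. `test()` also deserves a header comment stating that, unlike the iptables check, `awall.ipset.create()` creates sets in the running kernel, e.g. `-- Validates the generated rules; note that awall.ipset.create() creates the referenced sets in the running kernel, so this is not side-effect-free.` Both new functions are complete within the hunk, but the body of `readconfig()` starts in the previous hunk and is not visible here.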
@@ -0,0 +1,39 @@
+--[[
+Ipset file dumper for Alpine Wall
+Copyright (C) 2012 Kaarle Ritvanen
+Licensed under the terms of GPL2
+]]--
+
+
+module(..., package.seeall)
+
+local function commands()
+ local config = awall.config
+ local res = {}
+ if config.ipset then
+ for name, params in pairs(config.ipset) do
+ if not params.type then error('Type not defined for set '..name) end
+ local line = 'create '..name..' '..params.type
+ if params.family then line = line..' family '..params.family end
+ table.insert(res, line..'\n')
+ end
+ end
+ return res
+end
+
+function create()
+ for i, line in ipairs(commands()) do
+ local pid, stdin = lpc.run('ipset', '-!', 'restore')
+ stdin:write(line)
+ stdin:close()
+ if lpc.wait(pid) ~= 0 then
+ io.stderr:write('ipset command failed: '..line)
+ end
+ end
+end
+
+function dump(ipsfile)
+ local file = io.output(ipsfile)
+ for i, line in ipairs(commands()) do file:write(line) end
+ file:close()
+end
diff --git a/awall/iptables.lua b/awall/iptables.lua
index 81b5c7f..b8b6b13 100644
--- a/awall/iptables.lua
+++ b/awall/iptables.lua
@@ -18,13 +18,16 @@ local families = {inet={cmd='iptables-restore', file='rules-save'},
 local builtin = {'INPUT', 'FORWARD', 'OUTPUT', 'PREROUTING', 'POSTROUTING'}
-config = {}
-setmetatable(config,
- {__index=function(t, k)
- t[k] = {}
- setmetatable(t[k], getmetatable(t))
- return t[k]
- end})
+function reset()
+ config = {}
+ setmetatable(config,
+ {__index=function(t, k)
+ t[k] = {}
+ setmetatable(t[k], getmetatable(t))
+ return t[k]
+ end})
+end
+reset()
 local function dumpfile(family, iptfile)
 iptfile:write('# '..families[family].file..' generated by awall\n')
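Review bot: `commands()` builds each `create` line by concatenating `name`, `params.type` and `params.family` straight from the configuration, and `create()` feeds that line to `ipset restore`, whose input is whitespace- and line-delimited; a set name or family value containing whitespace or a newline would be read by ipset as further arguments or commands instead of being rejected. Validate the fields before building the line, e.g. `if not tostring(name):match('^[%w_.-]+$') then error('Invalid set name: '..name) end`, and check `params.family` against the known family names so a malformed configuration fails here with a clear message. Failures in `create()` are only written to stderr and neither returned nor raised, so `test()` in init.lua cannot tell that a set was not created; raising with `error` would match the `assert` used by `iptables.test()`. In `dump`, `io.output(ipsfile)` also replaces the process-wide default output file and `file:close()` then closes that default; `local file = assert(io.open(ipsfile, 'w'))` gives the same result without the side effect.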
@@ -43,13 +46,17 @@ local function dumpfile(family, iptfile)
 end
 end
-function dump(dir)
+function test()
 for family, tbls in pairs(config) do
 local pid, stdin = lpc.run(families[family].cmd, '-t')
 dumpfile(family, stdin)
 stdin:close()
 assert(lpc.wait(pid) == 0)
+ end
+end
+function dump(dir)
+ for family, tbls in pairs(config) do
 dumpfile(family, io.output(dir..'/'..families[family].file))
 end
 end
diff --git a/awall/model.lua b/awall/model.lua
index 8bf8d8b..403b617 100644
--- a/awall/model.lua
+++ b/awall/model.lua
@@ -360,6 +360,10 @@ function Rule:newchain(base)
 return base..'-'..lastid[base]
 end
+function reset()
+ lastid = {}
+end
+
 classmap = {zone=Zone} |
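Review bot: The new `dump(dir)` passes `io.output(path)` straight to `dumpfile` and never closes the handle, so the rules file is left to be flushed by garbage collection or process exit and a write error goes unnoticed; `io.output` also swaps the process-wide default output file on every iteration. Open and close the file explicitly in the loop body: `local f = assert(io.open(dir..'/'..families[family].file, 'w'))`, `dumpfile(family, f)`, `f:close()`. The loop variable `tbls` is unused in both `test()` and `dump()` and could be `_`. `test()` asserting on the exit status of `iptables-restore -t` is the right fail-fast behaviour, but a bare `assert` reports only `assertion failed!`; `assert(lpc.wait(pid) == 0, families[family].cmd..' failed for '..family)` would name the failing family.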