-rw-r--r-- | awall/modules/filter.lua | 12 | ||||
-rw-r--r-- | awall/modules/log.lua | 35 |
2 files changed, 31 insertions, 16 deletions
diff --git a/awall/modules/filter.lua b/awall/modules/filter.lua
index a2e116a..ae26a7d 100644
--- a/awall/modules/filter.lua
+++ b/awall/modules/filter.lua
@@ -120,7 +120,11 @@ end
 function LoggingRule:logchain(log, action, target)
 if not log then return {}, target end
 local chain = self:uniqueid('log'..action)
- return combinations({{chain=chain}}, {log:optfrag(), {target=target}}), chain
+
+ local ofrags = log:optfrags()
+ table.insert(ofrags, {target=target})
+
+ return combinations({{chain=chain}}, ofrags), chain
 end
 function LoggingRule:extraoptfrags()
@@ -314,9 +318,7 @@ function Filter:extraoptfrags()
 ofrags, logch = self:logchain(limitlog, 'drop', 'DROP')
 limitofs = combinations(uofs, {{target=logch}})
- if accept and self.log then
- table.insert(limitofs, self.log:optfrag())
- end
+ if accept and self.log then extend(limitofs, self.log:optfrags()) end
 extend( limitofs, combinations(sofs, {{target=accept and 'ACCEPT' or nil}}) )
@@ -329,7 +331,7 @@ function Filter:extraoptfrags()
 limitofs = combinations( limitobj:limitofrags(limitchain), {{target=logch}} )
- if limitlog then table.insert(limitofs, limitlog:optfrag()) end
+ if limitlog then extend(limitofs, limitlog:optfrags()) end
 table.insert(limitofs, {target='DROP'})
 end
diff --git a/awall/modules/log.lua b/awall/modules/log.lua
index eba6cd5..a4ce1e5 100644
--- a/awall/modules/log.lua
+++ b/awall/modules/log.lua
@@ -9,12 +9,21 @@ local model = require('awall.model')
 local class = model.class
 local combinations = require('awall.optfrag').combinations
+local setdefault = require('awall.util').setdefault
+
+
+local LogLimit = class(model.Limit)
+
+function LogLimit:init(...)
+ setdefault(self, 'mask', 0)
+ LogLimit.super(self):init(...)
+end
 local Log = class(model.ConfigObject)
-function Log:matchofrag()
- local selector, opts
+function Log:matchofrags()
+ local selector, ofrags
 for i, sel in ipairs{'every', 'limit', 'probability'} do
 local value = self[sel]
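Review bot: `LogLimit:init` in awall/modules/log.lua defaults `mask` to 0 before calling the parent initializer, and nothing in the hunk says why. Presumably a zero mask keeps the log rate limit as one shared bucket, the way the replaced `-m limit` match behaved, rather than one bucket per source address; model.Limit is not visible here, so that needs confirming. With a shared bucket a single noisy source can consume the whole log budget, which is worth stating for whoever tunes the limit. Suggested comment above the `setdefault` call: `-- log limits default to one shared bucket (mask 0), as with the old -m limit match`.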
@@ -25,16 +34,22 @@ function Log:matchofrag()
 selector = sel
 if sel == 'every' then
- opts = '-m statistic --mode nth --every '..value..' --packet 0'
+ ofrags = {
+ {opts='-m statistic --mode nth --every '..value..' --packet 0'}
+ }
 elseif sel == 'limit' then
- opts = '-m limit --limit '..value..'/second'
+ ofrags = self:create(LogLimit, value, 'loglimit'):limitofrags()
 elseif sel == 'probability' then
- opts = '-m statistic --mode random --probability '..value
+ ofrags = {{opts='-m statistic --mode random --probability '..value}}
 else assert(false) end
 end
 end
- return {family=self.mode == 'ulog' and 'inet' or nil, opts=opts}
+ if self.mode == 'ulog' then
+ ofrags = combinations({{family='inet'}}, ofrags)
+ end
+
+ return ofrags
 end
 function Log:target()
@@ -64,10 +79,8 @@ function Log:target()
 return res
 end
-function Log:optfrag()
- local res = self:matchofrag()
- res.target = self:target()
- return res
+function Log:optfrags()
+ return combinations(self:matchofrags(), {{target=self:target()}})
 end
 function Log.get(rule, spec, default)
@@ -89,7 +102,7 @@ function LogRule:position() return 'prepend' end
 function LogRule:servoptfrags()
 return combinations(
- LogRule.super(self):servoptfrags(), {self.log:matchofrag()}
+ LogRule.super(self):servoptfrags(), self.log:matchofrags()
 )
 end
|
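Review bot: In the `every` and `probability` branches of `Log:matchofrags()`, `value` is still concatenated unchecked into the option string (`'... --every '..value..' --packet 0'`), so a non-numeric policy value would end up as extra text in the generated rule. The `limit` branch now goes through `LogLimit`, but these two branches do not. If the lines between `local value = self[sel]` and `selector = sel`, which are outside this hunk, do not already validate it, add a check before the branch such as `assert(tonumber(value), sel..' must be numeric')`. The function starts in the previous hunk.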
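Review bot: `Log:optfrags()` passes `self:matchofrags()` straight to `combinations`, but `matchofrags` now returns `ofrags` as nil when none of `every`, `limit` or `probability` is set, where the old `matchofrag` always returned a table. `LogRule:servoptfrags()` in the last hunk and the ulog branch `combinations({{family='inet'}}, ofrags)` rely on the same thing. Whether `combinations` accepts a nil argument is not visible on this page; if it does not, `ofrags = ofrags or {{}}` before the ulog check would keep the return value a list. Either way, a one-line comment on `matchofrags` stating what it returns for an unrestricted log would help callers.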