-rw-r--r-- | awall/init.lua | 23 | ||||
-rw-r--r-- | awall/model.lua | 10 |
2 files changed, 27 insertions, 6 deletions
diff --git a/awall/init.lua b/awall/init.lua
index 0266c82..76725c7 100644
--- a/awall/init.lua
+++ b/awall/init.lua
@@ -11,7 +11,10 @@ local class = require('awall.class')
 local resolve = require('awall.dependency')
 local IPSet = require('awall.ipset')
 local IPTables = require('awall.iptables').IPTables
+
 local optfrag = require('awall.optfrag')
+local combinations = optfrag.combinations
+
 M.PolicySet = require('awall.policy')
 local util = require('awall.util')
@@ -21,7 +24,7 @@ local extend = util.extend
 local posix = require('posix')
 local chdir = posix.chdir
-local endswith = require('stringy').endswith
+local stringy = require('stringy')
 local events
@@ -82,7 +85,7 @@ function M.Config:init(policyconfig)
 local actions = {}
- local function insertrules(trules)
+ local function insertrules(trules, obj)
 for i, trule in ipairs(trules) do
 local t = self.iptables.config[trule.family][trule.table][trule.chain]
 local opts = optfrag.command(trule)
@@ -96,7 +99,19 @@ function M.Config:init(policyconfig)
 local key = optfrag.location(acfrag)
 if not actions[key] then
 actions[key] = true
- insertrules(optfrag.combinations(achains, {acfrag}))
+ if stringy.startswith(trule.target, 'custom:') then
+ local name = trule.target:sub(8, -1)
+ local rules = (self.objects.custom or {})[name]
+ if not rules then
+ obj:error('Invalid custom chain: '..name)
+ end
+ insertrules(
+ combinations(
+ {{chain=trule.target}}, util.list(rules), {acfrag}
+ ),
+ rules
+ )
+ else insertrules(combinations(achains, {acfrag})) end
 end
 end
@@ -135,7 +150,7 @@ function M.Config:init(policyconfig)
 end
 elseif self.objects[event] then
 for i, rule in ipairs(self.objects[event]) do
- insertrules(rule:trules())
+ insertrules(rule:trules(), rule)
 end
 end
 end
diff --git a/awall/model.lua b/awall/model.lua
index 3ef5a3d..ca65e99 100644
--- a/awall/model.lua
+++ b/awall/model.lua
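Review bot: In the awall/init.lua hunk at `@@ -96,7 +99,19 @@`, the recursive `insertrules(...)` call passes `rules` as `obj`, yet the same call wraps it in `util.list(rules)`, which suggests it may be a plain list; a nested `custom:` reference that fails to resolve would then call `obj:error` on a value that may have no such method, and the `else` branch passes no `obj` at all, so the failure would likely surface as a Lua runtime error instead of a policy error naming the offending rule. Consider forwarding the originating object in both calls, e.g. `insertrules(combinations(achains, {acfrag}), obj)`. The offset in `trule.target:sub(8, -1)` would read more clearly if derived from the prefix, such as `local prefix = 'custom:'` followed by `trule.target:sub(#prefix + 1)`. The enclosing `insertrules` closure starts and ends outside this hunk, so whether the `actions[key]` guard also stops a custom chain that references itself cannot be confirmed from here.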
@@ -609,7 +609,9 @@ end
 function M.Rule:customtarget()
 if self.action then
 local as = self.action:sub(1, 1)
- if as == as:upper() then return self.action end
+ if as == as:upper() or startswith(self.action, 'custom:') then
+ return self.action
+ end
 end
 end
@@ -718,6 +720,10 @@ function M.Limit:limitofrags(name)
 end
-M.export = {zone={class=M.Zone}, ipset={class=IPSet, before='%modules'}}
+M.export = {
+ custom={class=M.ConfigObject},
+ ipset={class=IPSet, before='%modules'},
+ zone={class=M.Zone}
+}
 return M |
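Review bot: `startswith` is called unqualified in `M.Rule:customtarget()`, but this diff adds no `require` or local for it in awall/model.lua, so it has to be an existing local there (init.lua in the same commit switches to `stringy.startswith`); worth confirming, because otherwise every rule with a lower-case action would raise at runtime. The function also has no comment on the two forms it now accepts; I would add `-- Returns the action unchanged when its first character equals its upper-case form or it carries the 'custom:' prefix; chain existence is not checked here.` above the condition.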
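Review bot: `custom={class=M.ConfigObject}` registers custom chain entries under the base class, so as far as this diff shows, their contents are not validated before init.lua feeds them through `util.list(rules)` into `combinations` as rule fragments. If `M.ConfigObject` performs no field checks (its definition is outside the hunk), a typo or unexpected key in a custom chain would only fail when the generated ruleset is loaded, or would yield a rule that differs from what the policy author intended. A small dedicated class whose `init` checks the expected fields would keep the error at policy-parse time with a message naming the chain. It could also bound the chain name, since the chain is created as `custom:<name>` and iptables limits chain-name length.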