-rwxr-xr-x | awall-cli | 54 | ||||
-rw-r--r-- | awall/init.lua | 2 | ||||
-rw-r--r-- | awall/ipset.lua | 4 | ||||
-rw-r--r-- | awall/iptables.lua | 6 |
4 files changed, 52 insertions, 14 deletions
@@ -66,6 +66,16 @@ Dump variable and zone definitions: Verbosity level is an integer in range 0-5 and defaults to 0. +Show difference between modified and saved configurations: + awall diff [-o|--output <dir>] + + Displays the difference in the input policy files and generated + output files since the last 'translate' or 'activate' command. + + When the --output option is used, the updated configuration is + compared to the generated files in the specified directory + (generated by the equivalent 'translate' command). + ]]) os.exit(1) end @@ -109,7 +119,8 @@ if not contains( 'enable', 'disable', 'list', - 'dump' + 'dump', + 'diff' }, mode ) then help() end @@ -191,9 +202,7 @@ if not call( end - local iptables = require('awall.iptables') - - if mode == 'dump' then + local function dump(level) local json = require('cjson') local expinput = input:expand() @@ -206,7 +215,7 @@ if not call( {'variable', 'zone'}, cls ) then - if level == 0 then print(capitalize(cls)..'s:') end + if level == 0 then io.write(capitalize(cls)..'s:\n') end local clsdata = input.data[cls] local items = {} @@ -245,17 +254,45 @@ if not call( util.printtabulars( util.map(items, function(x) return x[2] end) ) - print() + io.write('\n') end end end if level > 4 then config:print() end + end + + local function filedump(file) + io.output(file) + dump(5) + end + + local sysdumpfile = '/var/lib/misc/awall' + local dumpfile = outputdir and outputdir..'/dump' or sysdumpfile + + local iptables = require('awall.iptables') + + + if mode == 'dump' then dump(level) + + elseif mode == 'diff' then + local pid, stdin, stdout = lpc.run( + 'diff', '-w', '--', dumpfile, '/proc/self/fd/0' + ) + + filedump(stdin) + stdin:close() + + lpc.wait(pid) + io.stdout:write(stdout:read('*all')) + stdout:close() + elseif mode == 'translate' then if verify then config:test() end - config:dump(outputdir) - + config:dump(outputdir) + filedump(dumpfile) + elseif mode == 'activate' then local lpc = require('lpc') 
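Review bot: In the new `diff` branch, `lpc.wait(pid)` runs before `stdout:read('*all')`, so a diff larger than the pipe buffer would leave the child blocked on its write while the parent blocks in the wait. Drain the pipe first: `local out = stdout:read('*all')`, then `stdout:close()`, then `lpc.wait(pid)`, and write `out` afterwards. The only `require('lpc')` visible here is the `local lpc` inside the `activate` branch, which is not in scope for this branch, so unless the module is loaded earlier in the file the call to `lpc.run` would fail on a nil value. The result of `lpc.wait` is also discarded, so a missing `dumpfile` (no earlier translate or activate) or any other diff failure looks the same as "no differences" to a caller that checks the exit status. The enclosing `call(...)` block starts and ends outside the hunk.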
@@ -316,6 +353,7 @@ if not call( end config:dump() + filedump(sysdumpfile) else if not force then kill() end diff --git a/awall/init.lua b/awall/init.lua index 74bf0ad..42b25e6 100644 --- a/awall/init.lua +++ b/awall/init.lua @@ -138,7 +138,7 @@ end function M.Config:print() self.ipset:print() - print() + io.write('\n') self.iptables:print() end diff --git a/awall/ipset.lua b/awall/ipset.lua index 5f4423e..8a3e041 100644 --- a/awall/ipset.lua +++ b/awall/ipset.lua @@ -30,8 +30,8 @@ end function IPSet:print() for _, name in sortedkeys(self.config) do - self:dumpfile(name, io.stdout) - io.stdout:write('\n') + self:dumpfile(name, io.output()) + io.write('\n') end end diff --git a/awall/iptables.lua b/awall/iptables.lua index fccdd80..ef53706 100644 --- a/awall/iptables.lua +++ b/awall/iptables.lua @@ -40,14 +40,14 @@ local BaseIPTables = class() function BaseIPTables:print() for _, family in sortedkeys(families) do - self:dumpfile(family, io.stdout) - print() + self:dumpfile(family, io.output()) + io.write('\n') end end function BaseIPTables:dump(dir) for family, tbls in pairs(families) do - local file = io.output(dir..'/'..families[family].file) + local file = io.open(dir..'/'..families[family].file, 'w') self:dumpfile(family, file) file:close() end |
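Review bot: `filedump(sysdumpfile)` writes the level-5 dump, which includes the full `config:print()` rule output, to `/var/lib/misc/awall` through `io.output(file)`, so the file is created with whatever mode the process umask allows and the handle is never flushed or closed explicitly. If the generated rule set should not be readable by unprivileged local users, create the file with restrictive permissions before writing to it. `filedump` also leaves the default output redirected after it returns; adding `io.output(io.stdout)` after `dump(5)` would keep any later `io.write` in this path from landing in the dump file. The same applies to the `filedump(dumpfile)` call added to the `translate` branch; the code that follows both calls is outside the hunk, so whether anything is printed afterwards should be confirmed.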
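Review bot: In `BaseIPTables:dump`, `io.open(..., 'w')` returns `nil` plus a message on failure, whereas the replaced `io.output(path)` raised an error naming the path. An unwritable or missing `dir` would therefore surface later as an index-on-nil error (in `dumpfile` or at `file:close()`), possibly after another family's rule file has already been rewritten. Wrapping the call keeps the diagnostic: `local file = assert(io.open(dir..'/'..families[family].file, 'w'))`. `dumpfile` is defined outside the hunk, so how it treats a nil handle is an inference.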