-rw-r--r-- | awall/model.lua | 42 | ||||
-rw-r--r-- | awall/optfrag.lua | 35 |
2 files changed, 39 insertions, 38 deletions
diff --git a/awall/model.lua b/awall/model.lua index 0a65036..8f650ab 100644 --- a/awall/model.lua +++ b/awall/model.lua @@ -16,6 +16,7 @@ local builtin = require('awall.iptables').builtin local optfrag = require('awall.optfrag') local FAMILIES = optfrag.FAMILIES local combinations = optfrag.combinations +local prune = optfrag.prune local raise = require('awall.uerror').raise @@ -462,6 +463,8 @@ function M.Rule:combine(ofs1, ofs2, key, unique) return extend(map(ofs1, setvar('target')), map(ofs2, setvar('chain'))) end + ofs1, ofs2 = prune(ofs1, ofs2) + local chainless = filter(ofs2, function(of) return not of.chain end) local created local res = {} @@ -510,31 +513,6 @@ function M.Rule:trules() end end - local families - - local function setfamilies(ofrags) - if ofrags then - families = {} - for i, ofrag in ipairs(ofrags) do - if not ofrag.family then - families = nil - return - end - table.insert(families, ofrag.family) - end - else families = nil end - end - - local function ffilter(ofrags) - if not ofrags or not ofrags[1] or not families then return ofrags end - return filter( - ofrags, - function(of) - return not of.family or contains(families, of.family) - end - ) - end - local ofrags = self:zoneoptfrags() if self.ipset then 
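Review bot: The added `ofs1, ofs2 = prune(ofs1, ofs2)` in `M.Rule:combine` has no comment, although it moves the address-family filtering that `ffilter` used to do in `trules` into `combine` itself. As far as the hunk shows, the call is unconditional, so both lists are narrowed by family for every `key` passed to `combine`, not only `'address'`. A line such as `-- keep only fragments whose families are compatible across both lists` above the call would record that. The call sits after the block ending in `return extend(...)` and the rest of `combine` lies outside the hunk, so whether other callers rely on unpruned lists cannot be checked from here.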
@@ -587,26 +565,20 @@ function M.Rule:trules() tag(ofrags, 'position', self:position()) - setfamilies(ofrags) - local addrofrags = combinations( self:create(M.Zone, {addr=self.src}):optfrags(self:direction('in')), self:destoptfrags() ) - if addrofrags then - addrofrags = ffilter(addrofrags) - setfamilies(addrofrags) - ofrags = self:combine(ffilter(ofrags), addrofrags, 'address') - end + if addrofrags then ofrags = self:combine(ofrags, addrofrags, 'address') end - ofrags = self:mangleoptfrags(ofrags) + ofrags = prune(self:mangleoptfrags(ofrags), ofrags) local custom = self:customtarget() for _, ofrag in ipairs(ofrags) do setdefault(ofrag, 'target', custom or self:target()) end - ofrags = self:convertchains(ffilter(ofrags)) + ofrags = self:convertchains(ofrags) tag(ofrags, 'table', self:table(), false) local function checkzof(ofrag, dir, chains) @@ -621,7 +593,7 @@ function M.Rule:trules() end ofrags = filter( - combinations(ofrags, ffilter(optfrag.FAMILYFRAGS)), + combinations(ofrags, optfrag.FAMILYFRAGS), function(r) return self:trulefilter(r) end ) diff --git a/awall/optfrag.lua b/awall/optfrag.lua index b01672f..7fd3695 100644 --- a/awall/optfrag.lua +++ b/awall/optfrag.lua @@ -7,10 +7,15 @@ See LICENSE file for license details local M = {} +local util = require('awall.util') +local map = util.map + +local function ffrags(families) + return map(families, function(f) return {family=f} end) +end + M.FAMILIES = {'inet', 'inet6'} -M.FAMILYFRAGS = require('awall.util').map( - M.FAMILIES, function(f) return {family=f} end -) +M.FAMILYFRAGS = ffrags(M.FAMILIES) function M.combinations(of1, ...) local arg = {...} 
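Review bot: In `ofrags = prune(self:mangleoptfrags(ofrags), ofrags)` the second argument appears to be passed only to constrain the families, and the second value `prune` returns for it is dropped, which is not evident from the call. A comment such as `-- second argument only limits the families; its pruned copy is discarded` would make that intent explicit. With `ffilter` removed from `convertchains(...)` here and from `combinations(ofrags, optfrag.FAMILYFRAGS)` in the next hunk, these hunks suggest that this call and the one in `combine` are what now keeps a fragment without a family from being expanded to a family its address match does not cover. A regression test for a rule whose addresses belong to a single family, asserting that no rule is emitted for the other family, would be worth adding with this change. `trules` starts and ends outside these hunks.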
@@ -56,6 +61,30 @@ function M.combinations(of1, ...) return M.combinations(res, table.unpack(arg)) end +function M.prune(...) + local arg = {...} + local families = {} + + for i, ofrags in ipairs(arg) do + families[i] = {} + for _, ofrag in ipairs(ofrags) do + if not ofrag.family then + families[i] = false + break + end + families[i][ofrag.family] = true + end + end + + local ff + for _, f in ipairs(families) do + ff = M.combinations(ff, f and ffrags(util.keys(f)) or nil) + end + return table.unpack( + map(arg, function(ofs) return M.combinations(ofs, ff) end) + ) +end + function M.location(of) return of.family..'/'..of.table..'/'..of.chain end function M.command(of) |
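Review bot: `M.prune` gathers its arguments with `{...}` and walks them with `ipairs`, so a nil argument ends the scan early and, assuming `util.map` also iterates with `ipairs`, every list from that position on is missing from the returned values. The `ffilter` helper removed from model.lua passed a nil list through unchanged; whether nil can still reach the new callers (`prune(ofs1, ofs2)` in `combine`, `prune(self:mangleoptfrags(ofrags), ofrags)` in `trules`) is not visible here. Either state above the function that every argument must be a list, or collect the arguments with `local arg = table.pack(...)` and loop with `for i = 1, arg.n do`. The function also lacks a doc comment; one sentence saying that it appears to return each list restricted to the families shared by all lists whose fragments all carry a `family` would explain the `false` marker stored in `families`.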