-rw-r--r--awall/iptables.lua10
-rw-r--r--awall/model.lua7
2 files changed, 8 insertions, 9 deletions
diff --git a/awall/iptables.lua b/awall/iptables.lua
index b893cf3..67ad84c 100644
--- a/awall/iptables.lua
+++ b/awall/iptables.lua
@@ -31,7 +31,7 @@ local families = {
}
}
-M.builtin = {
+local builtin = {
filter={'FORWARD', 'INPUT', 'OUTPUT'},
mangle={'FORWARD', 'INPUT', 'OUTPUT', 'POSTROUTING', 'PREROUTING'},
nat={'INPUT', 'OUTPUT', 'POSTROUTING', 'PREROUTING'},
@@ -56,6 +56,8 @@ end
function M.isenabled() return #actfamilies() > 0 end
+function M.isbuiltin(tbl, chain) return util.contains(builtin[tbl], chain) end
+
local BaseIPTables = class()
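Review bot: `M.isbuiltin` passes `builtin[tbl]` to `util.contains` unchecked, so a table name with no entry in `builtin` reaches it as nil, and whether `util.contains` tolerates nil is not visible in this diff. `M.flush()` guards the same lookup with `if builtin[tbl]`, while `Rule:convertchains` in model.lua now calls this helper with whatever `self:table()` returns. Because this is now the only exported way to classify a chain, and `dumpfile` uses the answer to pick the chain's default policy, the unknown-table case should be explicit: `local chains = builtin[tbl]` followed by `return chains ~= nil and util.contains(chains, chain)`. A one-line comment would also help, for example `-- true if chain is a built-in chain of table tbl; false for unknown tables`.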
@@ -124,7 +126,7 @@ function M.IPTables:dumpfile(family, iptfile)
local chains = tables[tbl]
for _, chain in sortedkeys(chains) do
local policy = '-'
- if util.contains(M.builtin[tbl], chain) then
+ if M.isbuiltin(tbl, chain) then
policy = tbl == 'filter' and 'DROP' or 'ACCEPT'
end
iptfile:write(':'..chain..' '..policy..' [0:0]\n')
@@ -170,8 +172,8 @@ function M.flush()
local empty = M.IPTables()
for _, family in pairs(actfamilies()) do
for tbl in io.lines(families[family].procfile) do
- if M.builtin[tbl] then
- for _, chain in ipairs(M.builtin[tbl]) do
+ if builtin[tbl] then
+ for _, chain in ipairs(builtin[tbl]) do
empty.config[family][tbl][chain] = {}
end
else printmsg('Warning: not flushing unknown table: '..tbl) end
diff --git a/awall/model.lua b/awall/model.lua
index bc3deb2..eea654e 100644
--- a/awall/model.lua
+++ b/awall/model.lua
@@ -12,7 +12,7 @@ local loadclass = require('awall').loadclass
M.class = require('awall.class')
local FAMILIES = require('awall.family').ALL
local resolvelist = require('awall.host').resolvelist
-local builtin = require('awall.iptables').builtin
+local isbuiltin = require('awall.iptables').isbuiltin
local optfrag = require('awall.optfrag')
local combinations = optfrag.combinations
@@ -619,10 +619,7 @@ function M.Rule:convertchains(ofrags)
local res = {}
for _, ofrag in ipairs(ofrags) do
-
- if contains(builtin[self:table()], ofrag.chain) then
- table.insert(res, ofrag)
-
+ if isbuiltin(self:table(), ofrag.chain) then table.insert(res, ofrag)
else
local ofs, recursive
if ofrag.chain == 'PREROUTING' then