Diffstat (limited to 'awall/iptables.lua')
-rw-r--r--awall/iptables.lua10
1 files changed, 6 insertions, 4 deletions
diff --git a/awall/iptables.lua b/awall/iptables.lua
index b893cf3..67ad84c 100644
--- a/awall/iptables.lua
+++ b/awall/iptables.lua
@@ -31,7 +31,7 @@ local families = {
}
}
-M.builtin = {
+local builtin = {
filter={'FORWARD', 'INPUT', 'OUTPUT'},
mangle={'FORWARD', 'INPUT', 'OUTPUT', 'POSTROUTING', 'PREROUTING'},
nat={'INPUT', 'OUTPUT', 'POSTROUTING', 'PREROUTING'},
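Review bot: Changing `M.builtin` to `local builtin` removes a name from the module's exported table, so any other module that still reads `iptables.builtin` would now get nil. This page is limited to awall/iptables.lua, so it cannot confirm here that every outside user was moved to `M.isbuiltin`; that is worth checking in the rest of the commit. A comment above the table, `-- built-in chains per table; private so callers cannot alter it, query via M.isbuiltin`, would record the intent. The table literal appears to continue past the end of this hunk.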
@@ -56,6 +56,8 @@ end
function M.isenabled() return #actfamilies() > 0 end
+function M.isbuiltin(tbl, chain) return util.contains(builtin[tbl], chain) end
+
local BaseIPTables = class()
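Review bot: `M.isbuiltin` indexes `builtin[tbl]` without checking it, so for a table name that is not a key of `builtin` it passes nil to `util.contains`, whose handling of nil is not visible on this page. The function is now the exported way to ask this question, and `dumpfile` uses its answer to choose the chain policy, so I would make the unknown-table case explicit: `local chains = builtin[tbl]` followed by `return chains ~= nil and util.contains(chains, chain)`. A doc line such as `--- True when chain is a built-in chain of iptables table tbl; false for unknown tables.` would state the contract for callers.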
@@ -124,7 +126,7 @@ function M.IPTables:dumpfile(family, iptfile)
local chains = tables[tbl]
for _, chain in sortedkeys(chains) do
local policy = '-'
- if util.contains(M.builtin[tbl], chain) then
+ if M.isbuiltin(tbl, chain) then
policy = tbl == 'filter' and 'DROP' or 'ACCEPT'
end
iptfile:write(':'..chain..' '..policy..' [0:0]\n')
@@ -170,8 +172,8 @@ function M.flush()
local empty = M.IPTables()
for _, family in pairs(actfamilies()) do
for tbl in io.lines(families[family].procfile) do
- if M.builtin[tbl] then
- for _, chain in ipairs(M.builtin[tbl]) do
+ if builtin[tbl] then
+ for _, chain in ipairs(builtin[tbl]) do
empty.config[family][tbl][chain] = {}
end
else printmsg('Warning: not flushing unknown table: '..tbl) end
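Review bot: The rewritten `if builtin[tbl] then` branch resets only tables that are keys of the now-private `builtin`. A table name read from the procfile that is not listed falls to the `else` branch, where only a warning is printed and no empty chains are set for it. That is worth stating at the call site, e.g. `-- only tables known to builtin are reset; any other table is skipped with a warning`, because a caller of `M.flush` may otherwise assume every table is reset. As a style point, `builtin[tbl]` is looked up twice; `local chains = builtin[tbl]` before the `if` would serve both lines. `M.flush` starts before this hunk and continues after it.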