path: root/awall/iptables.lua
blob: 67ed7a160fbaefb9f77c79f678515c6b6ba5dbc2 (plain)
--[[
Iptables file dumper for Alpine Wall
Copyright (C) 2012 Kaarle Ritvanen
Licensed under the terms of GPL2
]]--


-- Lua 5.1 module idiom: every global defined below (new, contains) becomes a
-- field of this module. module() is deprecated from 5.2 on and is gone without
-- the compat build, so this line pins the file to 5.1-era interpreters.
module(..., package.seeall)

-- lpc (Lua Process Call) provides run()/wait() used by IPTables:test().
require 'lpc'

require 'awall.util'
-- Deliberately not `local`: under module() this publishes awall.util.contains
-- as a field of this module as well as making it available to dumpfile().
contains = awall.util.contains

-- Per-address-family restore command and rules file name. 'file' is both the
-- name of the dump written by IPTables:dump() and the tag written into the
-- header comment of that dump.
local families = {
   inet = {cmd = 'iptables-restore', file = 'rules-save'},
   inet6 = {cmd = 'ip6tables-restore', file = 'rules6-save'},
}

-- Chains that iptables itself provides. Only these get a default policy in
-- the dump (DROP, i.e. default-deny); user-defined chains are declared with '-'.
local builtin = {
   'INPUT', 'FORWARD', 'OUTPUT', 'PREROUTING', 'POSTROUTING',
}

-- Method table shared (via __index) by every object returned from new().
local IPTables = {}

--- Create an empty iptables configuration object.
-- The returned object's `config` field autovivifies: reading a missing key at
-- any depth (config[family][table][chain]) creates an empty table carrying the
-- same metatable, so callers can append rules without creating the levels first.
-- NOTE(review): in Lua 5.3+ ipairs() honours __index, so ipairs() over an
-- empty autovivifying table would create entries endlessly; the module() call
-- at the top suggests 5.1 is the target -- confirm before upgrading.
-- @return table with a `config` field and the IPTables methods reachable via __index
function new()
   local autoviv = {}
   autoviv.__index = function(tbl, key)
      local child = setmetatable({}, autoviv)
      tbl[key] = child
      return child
   end

   local obj = {config = setmetatable({}, autoviv)}
   return setmetatable(obj, {__index = IPTables})
end

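--- Write the iptables-restore representation of one address family.
-- Tables and chains are emitted in sorted name order so that repeated dumps of
-- the same configuration are byte-identical (pairs() order is unspecified,
-- which made the generated files hard to diff and audit). Rule order within a
-- chain is preserved as given, since iptables evaluates rules in order.
-- @param family 'inet' or 'inet6' (a key of the families table)
-- @param iptfile an open file-like object providing :write(string)
function IPTables:dumpfile(family, iptfile)
   -- Collect the keys of t in sorted order; keys here are table/chain names.
   local function sorted_keys(t)
      local keys = {}
      for k in pairs(t) do keys[#keys + 1] = k end
      table.sort(keys)
      return keys
   end

   iptfile:write('# '..families[family].file..' generated by awall\n')
   local tables = self.config[family]
   for _, tbl in ipairs(sorted_keys(tables)) do
      local chains = tables[tbl]
      iptfile:write('*'..tbl..'\n')
      local names = sorted_keys(chains)
      -- Chain declarations come first. Built-in chains get a DROP default
      -- policy (default-deny); user-defined chains carry no policy ('-').
      -- [0:0] resets the packet/byte counters.
      for _, chain in ipairs(names) do
         iptfile:write(':'..chain..' '..(contains(builtin, chain) and
                                         'DROP' or '-')..' [0:0]\n')
      end
      -- Rules are written verbatim; they are assumed to be complete, valid
      -- iptables argument strings by the time they reach this dumper.
      for _, chain in ipairs(names) do
         for _, rule in ipairs(chains[chain]) do
            iptfile:write('-A '..chain..' '..rule..'\n')
         end
      end
      iptfile:write('COMMIT\n')
   end
end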

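--- Validate the configuration by feeding it to iptables-restore in test mode.
-- '-t' makes *tables-restore parse and check the rules without applying them,
-- so a broken configuration is rejected before it can reach the kernel.
-- @raise if the dump fails or the restore command exits with a non-zero status
function IPTables:test()
   for family in pairs(self.config) do
      local cmd = families[family].cmd
      local pid, stdin = lpc.run(cmd, '-t')
      -- Close the pipe and reap the child even if dumping raises; otherwise an
      -- error in dumpfile() would leave the process unreaped.
      local ok, err = pcall(self.dumpfile, self, family, stdin)
      stdin:close()
      local status = lpc.wait(pid)
      if not ok then error(err, 0) end
      -- Name the family and status so a failure is diagnosable from the message.
      assert(status == 0, cmd..' -t failed for '..family..
                          ' (exit status '..tostring(status)..')')
   end
end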

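--- Write the rules file of every configured address family into dir.
-- The files are named after families[family].file ('rules-save' etc.).
-- @param dir directory to write into; must already exist
-- @raise if a file cannot be opened for writing or the dump fails
function IPTables:dump(dir)
   for family in pairs(self.config) do
      local path = dir..'/'..families[family].file
      -- Open explicitly rather than via io.output(): that form installed the
      -- handle as the default output and never closed it, so the file stayed
      -- open (and possibly unflushed) until garbage collection.
      local f = assert(io.open(path, 'w'))
      local ok, err = pcall(self.dumpfile, self, family, f)
      f:close()
      if not ok then error(err, 0) end
   end
end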