Diffstat (limited to 'acf/modules/awall.lua')
-rw-r--r-- | acf/modules/awall.lua | 37 |
1 files changed, 6 insertions, 31 deletions
diff --git a/acf/modules/awall.lua b/acf/modules/awall.lua
index bb9cedc..76f9943 100644
--- a/acf/modules/awall.lua
+++ b/acf/modules/awall.lua
@@ -6,37 +6,12 @@ See LICENSE file for license details
 module(..., package.seeall)
 local M = require('acf.model')
-
 local object = require('acf.object')
-local class = object.class
-local super = object.super
-
-
-IPv4Addr = class(M.String)
-function IPv4Addr:validate(context, value)
- local function test(...)
- if #arg ~= 4 then return true end
- for _, octet in ipairs(arg) do
- if tonumber(octet) > 255 then return true end
- end
- end
- if test(string.match(value, '(%d+)%.(%d+)%.(%d+)%.(%d+)')) then
- M.error.raise(context.path, 'Invalid IP address')
- end
-end
-
-Port = class(M.Integer)
-function Port:validate(txn, path, value)
- super(self, Port):validate(txn, path, value)
- if value < 0 or value > 65535 then M.error.raise(path, 'Invalid port') end
-end
-PortRange = class(M.Range)
-function PortRange:init() super(self, PortRange):init{type=Port} end
-Direction = class(M.String)
+Direction = object.class(M.String)
 function Direction:init()
- super(self, Direction):init{choice={'in', 'out'}}
+ object.super(self, Direction):init{choice={'in', 'out'}}
 end
@@ -49,7 +24,7 @@ IPSet.family = M.String{required=true, choice={'inet', 'inet6'}}
 Service = M.new()
 Service.proto = M.String{required=true}
-Service.port = M.Collection{type=PortRange}
+Service.port = M.Collection{type=M.Range{type=M.net.Port}}
 Service['icmp-type'] = M.String -- TODO fw zone
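Review bot: In the second hunk, `Service.port = M.Collection{type=M.Range{type=M.net.Port}}` passes an already constructed `M.Range` field as `type`, where the old line passed the `PortRange` class. Whether `M.Collection` handles a class and a constructed field the same way is not visible in this diff, so it is worth confirming that every member of `Service.port` is still validated as a port range and that a malformed entry is rejected rather than stored unchecked. A short comment on that line, for example `-- members are port ranges validated by M.net.Port`, would record the intent now that the named `PortRange` type is gone.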
@@ -93,12 +68,12 @@ Limit.log = M.Reference{scope='../../../log'}
 FilterRule = M.new(PolicyRule)
 FilterRule['conn-limit'] = Limit
 FilterRule['flow-limit'] = Limit
-FilterRule.dnat = IPv4Addr
+FilterRule.dnat = M.net.IPv4Address
 FilterRule['no-track'] = M.Boolean{default=false}
 NATRule = M.new(Rule)
-NATRule['to-addr'] = M.Range{type=IPv4Addr}
-NATRule['to-port'] = PortRange
+NATRule['to-addr'] = M.Range{type=M.net.IPv4Address}
+NATRule['to-port'] = M.Range{type=M.net.Port}
 MarkRule = M.new(Rule)
 MarkRule.mark = M.Integer{required=true} |
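Review bot: `FilterRule.dnat`, `NATRule['to-addr']` and `NATRule['to-port']` now rely entirely on `M.net.IPv4Address` and `M.net.Port`, whose definitions are outside this diff (the diffstat is limited to awall.lua), so the validation these fields receive cannot be checked from here. Since these values presumably end up in generated firewall rules, confirm that the shared address type matches the whole string and bounds every octet to 255, and that the shared port type still enforces the 0–65535 range that the removed `Port:validate` checked. Model tests that feed these fields values such as `1.2.3.4x`, `256.1.1.1` and `65536` and expect a validation error would pin that down. The same applies to `Service.port` in the previous hunk.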