From 7afdb563b208459bb308c7ffc4f671ee23b0ca26 Mon Sep 17 00:00:00 2001 From: Kaarle Ritvanen Date: Fri, 31 May 2013 14:05:17 +0300 Subject: new data type: List --- acf/modules/awall.lua | 44 ++++++++++++++++++++------------------------ 1 file changed, 20 insertions(+), 24 deletions(-) (limited to 'acf/modules/awall.lua') diff --git a/acf/modules/awall.lua b/acf/modules/awall.lua index 91b6a84..9e456da 100644 --- a/acf/modules/awall.lua +++ b/acf/modules/awall.lua @@ -28,7 +28,7 @@ IPSet.range = M.Range{type=M.net.IPv4Address} local Service = M.new() Service.proto = M.String{required=true, ui_name='Protocol'} -Service.port = M.Collection{type=M.Range{type=M.net.Port}} +Service.port = M.Set{type=M.Range{type=M.net.Port}} Service['icmp-type'] = M.String{ui_name='ICMP type'} Service['ct-helper'] = M.String{ui_name='Connection tracking helper'} @@ -51,22 +51,22 @@ LogClass.threshold = M.Integer local IPSetReference = M.new() IPSetReference.name = M.Reference{scope='../../../ipset', required=true} -IPSetReference.args = M.Collection{ +IPSetReference.args = M.List{ type=Direction, required=true, ui_name='Arguments' } local Rule = M.new() -Rule['in'] = M.Collection{ +Rule['in'] = M.Set{ type=M.Reference{scope='../../../zone'}, ui_name='Ingess zones' } -Rule.out = M.Collection{ +Rule.out = M.Set{ type=M.Reference{scope='../../../zone'}, ui_name='Egress zones' } -Rule.src = M.Collection{type=M.String, ui_name='Sources'} -Rule.dest = M.Collection{type=M.String, ui_name='Destinations'} +Rule.src = M.Set{type=M.String, ui_name='Sources'} +Rule.dest = M.Set{type=M.String, ui_name='Destinations'} Rule.ipset = M.Model{model=IPSetReference, ui_name='IP set'} Rule.ipsec = Direction{ui_name='Require IPsec'} -Rule.service = M.Collection{type=M.Reference{scope='../../../service'}} +Rule.service = M.Set{type=M.Reference{scope='../../../service'}} Rule.action = M.String{choice={'accept'}} @@ -89,7 +89,7 @@ FilterRule['conn-limit'] = M.Model{model=Limit, ui_name='Connection limit'} FilterRule['flow-limit'] = M.Model{model=Limit, ui_name='Flow limit'} FilterRule.dnat = M.net.IPv4Address{ui_name='DNAT target'} FilterRule['no-track'] = M.Boolean{default=false, ui_name='CT bypass'} -FilterRule.related = M.Collection{type=Rule, ui_name='Related packet rules'} +FilterRule.related = M.List{type=Rule, ui_name='Related packet rules'} local DivertRule = M.new(Rule) DivertRule['to-port'] = M.Range{type=M.net.Port, ui_name='Target port'} @@ -106,40 +106,36 @@ ClampMSSRule.mss = M.Integer{ui_name='MSS'} local AWall = M.new() -- TODO differentiate lists? -AWall.service = M.Collection{type=M.Collection{type=Service}} +AWall.service = M.Collection{type=M.List{type=Service}} AWall.zone = M.Collection{type=Zone} AWall.log = M.Collection{ type=LogClass, ui_name='Log classes', ui_member='Log class' } -AWall.policy = M.Collection{ - type=PolicyRule, ui_name='Policies', ui_member='Policy' -} -AWall['packet-log'] = M.Collection{ +AWall.policy = M.List{type=PolicyRule, ui_name='Policies', ui_member='Policy'} +AWall['packet-log'] = M.List{ type=PacketLogRule, ui_name='Logging', ui_member='Logging rule' } -AWall.filter = M.Collection{type=FilterRule} -AWall.dnat = M.Collection{type=NATRule, ui_name='DNAT', ui_member='DNAT rule'} -AWall.snat = M.Collection{type=NATRule, ui_name='SNAT', ui_member='SNAT rule'} -AWall.mark = M.Collection{ +AWall.filter = M.List{type=FilterRule} +AWall.dnat = M.List{type=NATRule, ui_name='DNAT', ui_member='DNAT rule'} +AWall.snat = M.List{type=NATRule, ui_name='SNAT', ui_member='SNAT rule'} +AWall.mark = M.List{ type=MarkRule, ui_name='Packet marking', ui_member='Packet marking rule' } -AWall['route-track'] = M.Collection{ +AWall['route-track'] = M.List{ type=MarkRule, ui_name='Route tracking', ui_member='Route tracking rule' } -AWall.tproxy = M.Collection{ +AWall.tproxy = M.List{ type=DivertRule, ui_name='Transparent proxy', ui_member='Transparent proxy rule' } -AWall['clamp-mss'] = M.Collection{ +AWall['clamp-mss'] = M.List{ type=ClampMSSRule, ui_name='MSS clamping', ui_member='MSS clamping rule' } -AWall['no-track'] = M.Collection{ +AWall['no-track'] = M.List{ type=Rule, ui_name='CT bypass', ui_member='Connection tracking bypass rule' } -AWall.ipset = M.Collection{ - type=IPSet, ui_name='IP sets', ui_member='IP set' -} +AWall.ipset = M.Collection{type=IPSet, ui_name='IP sets', ui_member='IP set'} M.register( 'awall', -- cgit v1.2.3