multiple configuration files, service definitions

author: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> 2012-02-16 13:46:27 +0000
committer: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> 2012-02-16 13:46:27 +0000
commit: 20d2c9ec926e5eff31fe34b606c0ce68609a3476 (patch)
tree: 9e2c6c703913201b077e381b6bb72e8a1f23f80a
parent: 16e25b4f23caa84d9cc7071d9bf9995bca7a4148 (diff)
download: awall-20d2c9ec926e5eff31fe34b606c0ce68609a3476.tar.bz2
awall-20d2c9ec926e5eff31fe34b606c0ce68609a3476.tar.xz
2 files changed, 41 insertions, 4 deletions
diff --git a/awall/init.lua b/awall/init.lua
index d083507..7290109 100644
--- a/awall/init.lua
+++ b/awall/init.lua
@@ -7,6 +7,7 @@ Licensed under the terms of GPL2
 module(..., package.seeall)
 
 require 'json'
+require 'lfs'
 
 require 'awall.iptables'
 require 'awall.util'
@@ -14,7 +15,9 @@ require 'awall.util'
 
 local modules = {}
 
-local modpath = arg[0] == '/usr/sbin/awall' and '/usr/share/lua/5.1' or '.'
+local testmode = arg[0] ~= '/usr/sbin/awall'
+
+local modpath = testmode and '.' or '/usr/share/lua/5.1'
 for line in io.popen('cd '..modpath..' && ls awall/model.lua awall/modules/*.lua'):lines() do
    local name = string.gsub(string.sub(line, 1, -5), '/', '.')
    require(name)
@@ -24,9 +27,28 @@ end
 
 function translate()
 
-   local data = ''
-   for line in io.lines('config.json') do data = data..line end
-   config = json.decode(data)
+   config = {}
+
+   local confdirs = testmode and {'config'} or {'/usr/share/awall',
+						'/etc/awall'}
+
+   for i, dir in ipairs(confdirs) do
+      for fname in lfs.dir(dir) do
+	 if string.sub(fname, 1, 1) ~= '.' then
+	    local data = ''
+	    for line in io.lines(dir..'/'..fname) do data = data..line end
+	    data = json.decode(data)
+	    
+	    for cls, objs in pairs(data) do
+	       if not config[cls] then config[cls] = objs
+	       elseif objs[1] then util.extend(config[cls], objs)
+	       else
+		  for k, v in pairs(objs) do config[cls][k] = v end
+	       end
+	    end
+	 end
+      end
+   end
 
    function insertrule(trule)
       local t = awall.iptables.config[trule.family][trule.table][trule.chain]
diff --git a/services.json b/services.json
new file mode 100644
index 0000000..78a2003
--- /dev/null
+++ b/services.json
@@ -0,0 +1,15 @@
+{
+  "service": {
+    "dns": [
+      { "proto": "udp", "port": 53 },
+      { "proto": "tcp", "port": 53 }
+    ],
+    "gre": { "proto": "gre" },
+    "icmp": { "proto": "icmp" },
+    "ipsec": [
+      { "proto": "esp" },
+      { "proto": "udp", "port": [ 500, 4500 ] }
+    ],
+    "ssh": { "proto": "tcp", "port": 22 }
+  }
+}
author	Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>	2012-02-16 13:46:27 +0000
committer	Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>	2012-02-16 13:46:27 +0000
commit	20d2c9ec926e5eff31fe34b606c0ce68609a3476 (patch)
tree	9e2c6c703913201b077e381b6bb72e8a1f23f80a
parent	16e25b4f23caa84d9cc7071d9bf9995bca7a4148 (diff)
download	awall-20d2c9ec926e5eff31fe34b606c0ce68609a3476.tar.bz2 awall-20d2c9ec926e5eff31fe34b606c0ce68609a3476.tar.xz