author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2012-08-24 11:51:51 +0000 |
committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2012-08-24 11:51:51 +0000 |
commit | 0ae7ea3188afd7b1e03ca5d31fd9b85503a79f21 (patch) | |
tree | 57a89f960e3bf068039ed30394448f448c763fe1 | |
parent | fef090cc803e7cc7bbce04fbf5787fea169f8114 (diff) | |
download | awall-0ae7ea3188afd7b1e03ca5d31fd9b85503a79f21.tar.bz2 awall-0ae7ea3188afd7b1e03ca5d31fd9b85503a79f21.tar.xz |
generate separate file for each ipsetv0.2.6
do not overwrite existing ipset files
-rwxr-xr-x | awall-cli | 6 | ||||
-rw-r--r-- | awall/init.lua | 6 | ||||
-rw-r--r-- | awall/ipset.lua | 56 |
3 files changed, 37 insertions, 31 deletions
@@ -89,9 +89,7 @@ opts, opind = alt_getopt.get_opts(arg, short_opts, long_opts)
 for switch, value in pairs(opts) do
 if switch == 'f' then force = true
 elseif switch == 'V' then verify = true
- elseif switch == 'o' then
- iptdir = value
- ipsfile = value..'/ipset'
+ elseif switch == 'o' then outputdir = value
 else table.insert(params[switch], value) end
 end
@@ -192,7 +190,7 @@ if mode == 'dump' then
 elseif mode == 'translate' then
 if verify then config:test() end
- config:dump(iptdir, ipsfile)
+ config:dump(outputdir)
 elseif mode == 'activate' then
diff --git a/awall/init.lua b/awall/init.lua
index 47cead4..a533223 100644
--- a/awall/init.lua
+++ b/awall/init.lua
@@ -138,9 +138,9 @@ function Config:print()
 self.iptables:print()
 end
-function Config:dump(iptdir, ipsfile)
- self.ipset:dump(ipsfile or '/etc/ipset.d/awall')
- self.iptables:dump(iptdir or '/etc/iptables')
+function Config:dump(dir)
+ self.ipset:dump(dir or '/etc/ipset.d')
+ self.iptables:dump(dir or '/etc/iptables')
 end
 function Config:test()
diff --git a/awall/ipset.lua b/awall/ipset.lua
index 73dea04..2b78495 100644
--- a/awall/ipset.lua
+++ b/awall/ipset.lua
@@ -8,42 +8,50 @@ Licensed under the terms of GPL2
 module(..., package.seeall)
 require 'awall.object'
+require 'awall.util'
 IPSet = awall.object.class(awall.object.Object)
-function IPSet:init(config) self.config = config end
+function IPSet:init(config) self.config = config or {} end
-function IPSet:commands()
- local res = {'# ipset file generated by awall\n'}
- if self.config then
- for name, ipset in pairs(self.config) do
- if not ipset.type then ipset:error('Type not defined') end
- if not ipset.family then ipset:error('Family not defined') end
- table.insert(res,
- 'create '..name..' '..ipset.type..' family '..ipset.family..'\n')
- end
- end
- return res
+function IPSet:options(name)
+ local ipset = self.config[name]
+ if not ipset.type then ipset:error('Type not defined') end
+ if not ipset.family then ipset:error('Family not defined') end
+ return {ipset.type, 'family', ipset.family}
+end
+
+function IPSet:dumpfile(name, ipsfile)
+ ipsfile:write('# ipset '..name..'\n')
+ ipsfile:write(awall.util.join(self:options(name), ' '))
+ ipsfile:write('\n')
 end
 function IPSet:create()
- for i, line in ipairs(self:commands()) do
- local pid, stdin = lpc.run('ipset', '-!', 'restore')
- stdin:write(line)
- stdin:close()
+ for name, ipset in pairs(self.config) do
+ local pid = lpc.run('ipset', '-!', 'create', name,
+ unpack(self:options(name)))
 if lpc.wait(pid) ~= 0 then
- io.stderr:write('ipset command failed: '..line)
+ io.stderr:write('ipset creation failed: '..name)
 end
 end
 end
-function IPSet:print(file)
- if not file then file = io.stdout end
- for i, line in ipairs(self:commands()) do file:write(line) end
+function IPSet:print()
+ for name, ipset in pairs(self.config) do
+ self:dumpfile(name, io.stdout)
+ io.stdout:write('\n')
+ end
 end
-function IPSet:dump(ipsfile)
- local file = io.output(ipsfile)
- self:print(file)
- file:close()
+function IPSet:dump(ipsdir)
+ for name, ipset in pairs(self.config) do
+ local fname = ipsdir..'/'..name
+ local file = io.open(fname)
+ if not file then
+ file = io.open(fname, 'w')
+ self:dumpfile(name, file)
+ end
+ file:close()
+ end
 end
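Review bot: In the new `IPSet:dump` the result of `io.open(fname, 'w')` is never checked, so when `ipsdir` is missing or not writable `file` stays nil and `self:dumpfile(name, file)` fails with an "attempt to index" error instead of a message naming the file; capture and report it, `local err; file, err = io.open(fname, 'w')` then `if not file then error('cannot write '..fname..': '..err) end`. The read-only probe that implements "do not overwrite" also skips an existing file silently, so a set whose type or family changed in the config never reaches disk — a line on stderr, like the one `IPSet:create` already writes on failure, would make that visible. `name` is taken straight from the config keys into `ipsdir..'/'..name`; if set names are not validated before this point (not shown in the hunk), a name containing `/` or `..` would place the file outside `ipsdir`, so it is worth restricting names to the characters ipset itself accepts. `IPSet:print` also drops its former `file` parameter, so any caller outside this diff still passing one would now write to stdout unnoticed.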