authorKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2012-07-20 10:07:31 +0000
committerKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2012-07-20 10:07:31 +0000
commit3911de118f61f8801b859e0683cea06f21583c00 (patch)
tree780db91c35982bd459314a4f53d1914c27991c48
parentf8da875b1e1d3b425a5a4fa1f80d7989f1ab345e (diff)
downloadawall-3911de118f61f8801b859e0683cea06f21583c00.tar.bz2
awall-3911de118f61f8801b859e0683cea06f21583c00.tar.xz
streamlined sanity checking for allowed input/output interface options
-rw-r--r--awall/model.lua24
-rw-r--r--awall/modules/clampmss.lua6
-rw-r--r--awall/modules/nat.lua7
3 files changed, 12 insertions, 25 deletions
diff --git a/awall/model.lua b/awall/model.lua
index 4fff0b3..bdf5d35 100644
--- a/awall/model.lua
+++ b/awall/model.lua
@@ -114,18 +114,13 @@ end
function Rule:defaultzones() return {nil, fwzone} end
-function Rule:checkzoneoptfrag(ofrag) end
-
-
function Rule:zoneoptfrags()
local function zonepair(zin, zout)
local function zofs(zone, dir)
if not zone then return zone end
- local ofrags = zone:optfrags(dir)
- util.map(ofrags, function(x) self:checkzoneoptfrag(x) end)
- return ofrags
+ return zone:optfrags(dir)
end
local chain, ofrags
@@ -364,6 +359,17 @@ function Rule:trules()
util.extend(res, ffilter(self:extraoptfrags()))
tag(res, 'table', self:table(), false)
+
+ local function checkzof(ofrag, dir, chains)
+ if ofrag[dir] and util.contains(chains, ofrag.chain) then
+ self:error('Cannot specify '..dir..'bound interface ('..ofrag[dir]..')')
+ end
+ end
+
+ for i, ofrag in ipairs(res) do
+ checkzof(ofrag, 'in', {'OUTPUT', 'POSTROUTING'})
+ checkzof(ofrag, 'out', {'INPUT', 'PREROUTING'})
+ end
return combinations(res, ffilter({{family='inet'}, {family='inet6'}}))
end
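Review bot: The new `checkzof` loop in `Rule:trules()` decides solely on `ofrag.chain` matching one of four built-in chain names, so an entry whose `chain` is unset at this point passes unchecked. Whether that can happen is not visible in this hunk, so a comment stating the assumption would help, e.g. `-- iptables rejects -i in OUTPUT/POSTROUTING and -o in INPUT/PREROUTING; every ofrag is expected to carry its chain here`. Because the check is now shared by all rule classes, the error should name the chain so the operator can find the offending policy entry: `self:error('Cannot specify '..dir..'bound interface ('..ofrag[dir]..') in chain '..ofrag.chain)`. The loop index is unused (`for _, ofrag in ipairs(res) do`), and the two chain lists are rebuilt on every iteration when they could be locals declared once above the loop. `Rule:trules()` begins outside the hunk.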
@@ -400,12 +406,6 @@ end
function ForwardOnlyRule:defaultzones() return {nil} end
-function ForwardOnlyRule:checkzoneoptfrag(ofrag)
- if ofrag.out then
- self:error('Cannot specify outbound interface ('..ofrag.out..')')
- end
-end
-
function ForwardOnlyRule:chain() return 'PREROUTING' end
diff --git a/awall/modules/clampmss.lua b/awall/modules/clampmss.lua
index 4f74cb5..9202892 100644
--- a/awall/modules/clampmss.lua
+++ b/awall/modules/clampmss.lua
@@ -14,12 +14,6 @@ local model = awall.model
local ClampMSSRule = model.class(model.ForwardOnlyRule)
-function ClampMSSRule:checkzoneoptfrag(ofrag)
- if ofrag['in'] then
- self:error('Cannot specify inbound interface ('..ofrag['in']..')')
- end
-end
-
function ClampMSSRule:table() return 'mangle' end
function ClampMSSRule:chain() return 'POSTROUTING' end
diff --git a/awall/modules/nat.lua b/awall/modules/nat.lua
index 6ec39a2..5559d11 100644
--- a/awall/modules/nat.lua
+++ b/awall/modules/nat.lua
@@ -14,13 +14,6 @@ local model = awall.model
local NATRule = model.class(model.ForwardOnlyRule)
-function NATRule:checkzoneoptfrag(ofrag)
- local iface = ofrag[self.params.forbidif]
- if iface then
- self:error('Cannot specify '..self.params.forbidif..'bound interface ('..iface..')')
- end
-end
-
function NATRule:trules()
local res = {}
for i, ofrags in ipairs(model.ForwardOnlyRule.trules(self)) do