authorKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2013-01-18 19:19:43 +0200
committerKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2013-01-18 19:19:43 +0200
commita7c8d0718ea806423dce46c1b0163ee058fe1037 (patch)
treef9e93b17838e6699557247ebe0609cb58421af1d
parent9635c871e0f8e20d5f93f19ace2c863d983fe20f (diff)
downloadawall-a7c8d0718ea806423dce46c1b0163ee058fe1037.tar.bz2
awall-a7c8d0718ea806423dce46c1b0163ee058fe1037.tar.xz
properly support ipset types other than hashesv0.2.13
move ipset config object handling to model.lua fixes #1535
-rw-r--r--awall/init.lua27
-rw-r--r--awall/ipset.lua13
-rw-r--r--awall/model.lua30
3 files changed, 43 insertions, 27 deletions
diff --git a/awall/init.lua b/awall/init.lua
index 743a83b..1d77f0a 100644
--- a/awall/init.lua
+++ b/awall/init.lua
@@ -1,6 +1,6 @@
--[[
Alpine Wall main module
-Copyright (C) 2012 Kaarle Ritvanen
+Copyright (C) 2012-2013 Kaarle Ritvanen
Licensed under the terms of GPL2
]]--
@@ -76,17 +76,6 @@ function Config:init(policyconfig)
self.objects = policyconfig:expand()
self.iptables = iptables.IPTables.new()
- local function morph(path, cls)
- local objs = self.objects[path]
- if objs then
- for k, v in pairs(objs) do
- objs[k] = cls.morph(v,
- self,
- path..' '..k..' ('..policyconfig.source[path][k]..')')
- end
- end
- end
-
local acfrags = {}
local function insertrules(trules)
@@ -115,7 +104,18 @@ function Config:init(policyconfig)
end
end
- for i, path in ipairs(procorder) do morph(path, classmap[path]) end
+ for i, path in ipairs(procorder) do
+ local objs = self.objects[path]
+ if objs then
+ for k, v in pairs(objs) do
+ objs[k] = classmap[path].morph(
+ v,
+ self,
+ path..' '..k..' ('..policyconfig.source[path][k]..')'
+ )
+ end
+ end
+ end
insertdefrules('pre')
@@ -132,7 +132,6 @@ function Config:init(policyconfig)
for k, v in pairs(acfrags) do table.insert(ofrags, v) end
insertrules(optfrag.combinations(achains, ofrags))
- morph('ipset', awall.model.ConfigObject)
self.ipset = ipset.IPSet.new(self.objects.ipset)
end
diff --git a/awall/ipset.lua b/awall/ipset.lua
index 5086d28..c8453af 100644
--- a/awall/ipset.lua
+++ b/awall/ipset.lua
@@ -1,6 +1,6 @@
--[[
Ipset file dumper for Alpine Wall
-Copyright (C) 2012 Kaarle Ritvanen
+Copyright (C) 2012-2013 Kaarle Ritvanen
Licensed under the terms of GPL2
]]--
@@ -13,23 +13,16 @@ IPSet = awall.object.class()
function IPSet:init(config) self.config = config or {} end
-function IPSet:options(name)
- local ipset = self.config[name]
- if not ipset.type then ipset:error('Type not defined') end
- if not ipset.family then ipset:error('Family not defined') end
- return {ipset.type, 'family', ipset.family}
-end
-
function IPSet:dumpfile(name, ipsfile)
ipsfile:write('# ipset '..name..'\n')
- ipsfile:write(table.concat(self:options(name), ' '))
+ ipsfile:write(table.concat(self.config[name].options, ' '))
ipsfile:write('\n')
end
function IPSet:create()
for name, ipset in pairs(self.config) do
local pid = lpc.run('ipset', '-!', 'create', name,
- unpack(self:options(name)))
+ unpack(ipset.options))
if lpc.wait(pid) ~= 0 then
io.stderr:write('ipset creation failed: '..name)
end
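Review bot: `ipset.options` reaches both sinks in this hunk unchecked: `dumpfile` joins it into a line of the ipset file and `create` expands it into the arguments of `ipset create`, while the new `IPSet:init` in awall/model.lua only tests the prefix of `type` and the presence of `range`/`family`. `lpc.run` is handed separate arguments, so no shell appears to be involved, but a value containing whitespace or a newline would still alter the line that `dumpfile` writes. Rejecting such values where the options are built would close this, for example `if not tostring(v):match('^[%w:.,/_-]+$') then self:error('Invalid value: '..tostring(v)) end` for each entry. `IPSet:create` continues past the end of this hunk.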
diff --git a/awall/model.lua b/awall/model.lua
index d2761ce..21ff390 100644
--- a/awall/model.lua
+++ b/awall/model.lua
@@ -1,6 +1,6 @@
--[[
Base data model for Alpine Wall
-Copyright (C) 2012 Kaarle Ritvanen
+Copyright (C) 2012-2013 Kaarle Ritvanen
Licensed under the terms of GPL2
]]--
@@ -19,8 +19,10 @@ local combinations = awall.optfrag.combinations
class = awall.object.class
+require 'stringy'
-ConfigObject = class()
+
+local ConfigObject = class()
function ConfigObject:init(context, location)
if context then
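Review bot: `require 'stringy'` adds a third-party module to a tool that generates firewall state, and the result is not bound to a local, so the later `stringy.startswith` calls apparently depend on a global the module sets. The only use visible in this commit is the prefix test on the set type, which the standard library covers with `self.type:sub(1, 7) == 'bitmap:'`. If the dependency stays, `local stringy = require 'stringy'` would make the binding explicit. The body of `ConfigObject:init` continues outside the hunk.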
@@ -95,6 +97,28 @@ end
fwzone = Zone.new()
+IPSet = class(ConfigObject)
+
+function IPSet:init(...)
+ ConfigObject.init(self, unpack(arg))
+
+ if not self.type then self:error('Type not defined') end
+
+ if stringy.startswith(self.type, 'bitmap:') then
+ if not self.range then self:error('Range not defined') end
+ self.options = {self.type, 'range', self.range}
+ self.family = 'inet'
+
+ elseif stringy.startswith(self.type, 'hash:') then
+ if not self.family then self:error('Family not defined') end
+ self.options = {self.type, 'family', self.family}
+
+ elseif self.type == 'list:set' then self.options = {self.type}
+
+ else self:error('Invalid type: '..self.type) end
+end
+
+
Rule = class(ConfigObject)
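Review bot: `unpack(arg)` in `IPSet:init` relies on the implicit `arg` vararg table, which Lua 5.1 only provides in its 5.0-compatibility mode and later versions dropped; `ConfigObject.init(self, ...)` forwards the arguments directly. The prefix tests also assume `self.type` is a string, so a number or table from the policy file would presumably fail inside `stringy.startswith` rather than through `self:error`; a guard such as `if type(self.type) ~= 'string' then self:error('Invalid type') end` ahead of them keeps the failure attributable to the object. In the `bitmap:` branch, `self.family = 'inet'` silently overwrites any family the policy specified, and reporting a conflicting value would be safer than discarding it.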
@@ -455,5 +479,5 @@ function Rule:newchain(key)
end
-classes = {{'zone', Zone}}
+classes = {{'zone', Zone}, {'ipset', IPSet}}