authorKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2013-01-30 12:45:05 +0000
committerKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2013-01-30 12:45:05 +0000
commitb562959332856a4e0b013676b75151a7b475d3dd (patch)
treecbd7ad5746da89cc46c7c9b5952327a49694733b
parentcb0c7dce8ab8b9dea5567b82c3dbb242d1786ac3 (diff)
deterministic (alphabetical) ordering for tables and chains in ip[6]tables files
-rw-r--r--awall/iptables.lua16
1 files changed, 10 insertions, 6 deletions
diff --git a/awall/iptables.lua b/awall/iptables.lua
index 32b59b2..0be2dc4 100644
--- a/awall/iptables.lua
+++ b/awall/iptables.lua
@@ -11,7 +11,9 @@ require 'lpc'
require 'awall.object'
require 'awall.uerror'
-require 'awall.util'
+
+local util = require('awall.util')
+local sortedkeys = util.sortedkeys
local class = awall.object.class
@@ -96,17 +98,19 @@ end
function IPTables:dumpfile(family, iptfile)
iptfile:write('# '..families[family].file..' generated by awall\n')
- for tbl, chains in pairs(self.config[family]) do
+ local tables = self.config[family]
+ for i, tbl in sortedkeys(tables) do
iptfile:write('*'..tbl..'\n')
- for chain, rules in pairs(chains) do
+ local chains = tables[tbl]
+ for i, chain in sortedkeys(chains) do
local policy = '-'
- if awall.util.contains(builtin[tbl], chain) then
+ if util.contains(builtin[tbl], chain) then
policy = tbl == 'filter' and 'DROP' or 'ACCEPT'
end
iptfile:write(':'..chain..' '..policy..' [0:0]\n')
end
- for chain, rules in pairs(chains) do
- for i, rule in ipairs(rules) do
+ for i, chain in sortedkeys(chains) do
+ for i, rule in ipairs(chains[chain]) do
iptfile:write('-A '..chain..' '..rule..'\n')
end
end
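Review bot: All three nested loops in `IPTables:dumpfile` bind their unused index as `i` (`for i, tbl`, `for i, chain`, `for i, rule`), so each inner `i` shadows the one outside it. Naming it `_`, as in `for _, tbl in sortedkeys(tables) do`, shows the index is ignored and avoids shadowing warnings from a linter. The `-A` loop also deserves a comment such as `-- tables and chains are sorted for stable output; rules keep insertion order because iptables matches them in sequence`, so that a later push for determinism does not sort the rules as well and change the filtering semantics. `sortedkeys` is defined in awall.util and is not visible here, and the body of `dumpfile` continues past the end of this hunk.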