author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2013-01-24 14:12:22 +0000 |
---|---|---|
committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2013-01-24 14:12:30 +0000 |
commit | f668c1eb097e24750b1be1cd2bbd1a91df5e9b43 (patch) | |
tree | f98dd8409fa80f7bd032190c39d4ceedb980c6bc /awall | |
parent | bcddde588c8275ebae677235e24b4df264a746bd (diff) | |
download | awall-f668c1eb097e24750b1be1cd2bbd1a91df5e9b43.tar.bz2 awall-f668c1eb097e24750b1be1cd2bbd1a91df5e9b43.tar.xz |
transparent proxy modulev0.2.14
fixes #1582
Diffstat (limited to 'awall')
-rw-r--r-- | awall/modules/tproxy.lua | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/awall/modules/tproxy.lua b/awall/modules/tproxy.lua
new file mode 100644
index 0000000..f2931b2
--- /dev/null
+++ b/awall/modules/tproxy.lua
@@ -0,0 +1,41 @@
+--[[
+Transparent proxy module for Alpine Wall
+Copyright (C) 2012-2013 Kaarle Ritvanen
+Licensed under the terms of GPL2
+]]--
+
+
+module(..., package.seeall)
+
+local class = require('awall.model').class
+local combinations = require('awall.optfrag').combinations
+local util = require('awall.util')
+
+local MarkRule = require('awall').loadclass('mark')
+
+local TProxyRule = class(MarkRule)
+
+function TProxyRule:target()
+ if not self['to-port'] then self:error('Proxy port not specified') end
+ return 'TPROXY --tproxy-mark '..self.mark..' --on-port '..self['to-port']
+end
+
+function TProxyRule:mangleoptfrag(ofrag)
+ local dof = util.copy(ofrag)
+ dof.target = nil
+ local res = combinations(
+ {dof},
+ {{opts='-m socket', target=self:newchain('divert')}}
+ )
+ table.insert(res, ofrag)
+ return res
+end
+
+function TProxyRule:extraoptfrags()
+ return combinations(
+ {{chain=self:newchain('divert')}},
+ {{target=MarkRule.target(self)}, {target='ACCEPT'}}
+ )
+end
+
+export = {tproxy={class=TProxyRule, before={'clamp-mss', '%mark-rt'}}} |
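Review bot: `TProxyRule:target()` only checks that `to-port` is present before concatenating it, together with `self.mark`, into the iptables target string, so a policy value that is not a plain port number (out of range, or a string carrying spaces or extra options) ends up verbatim in the generated rule. Unless the model layer validates this attribute somewhere not shown here, I would convert and range-check it first with `local port = tonumber(self['to-port'])` and `if not port or port % 1 ~= 0 or port < 1 or port > 65535 then self:error('Invalid proxy port') end`, then use `port` in the returned string. The same applies to `self.mark` if MarkRule does not already validate it. Separately, the divert chain in `mangleoptfrag` matches with a bare `-m socket`; consider whether `-m socket --transparent` is what is intended, so that only sockets opened with IP_TRANSPARENT are diverted and marked.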