Diffstat (limited to 'awall')
-rw-r--r-- | awall/init.lua | 27 | ||||
-rw-r--r-- | awall/ipset.lua | 13 | ||||
-rw-r--r-- | awall/model.lua | 30 |
3 files changed, 43 insertions, 27 deletions
diff --git a/awall/init.lua b/awall/init.lua index 743a83b..1d77f0a 100644 --- a/awall/init.lua +++ b/awall/init.lua @@ -1,6 +1,6 @@ --[[ Alpine Wall main module -Copyright (C) 2012 Kaarle Ritvanen +Copyright (C) 2012-2013 Kaarle Ritvanen Licensed under the terms of GPL2 ]]-- @@ -76,17 +76,6 @@ function Config:init(policyconfig) self.objects = policyconfig:expand() self.iptables = iptables.IPTables.new() - local function morph(path, cls) - local objs = self.objects[path] - if objs then - for k, v in pairs(objs) do - objs[k] = cls.morph(v, - self, - path..' '..k..' ('..policyconfig.source[path][k]..')') - end - end - end - local acfrags = {} local function insertrules(trules) @@ -115,7 +104,18 @@ function Config:init(policyconfig) end end - for i, path in ipairs(procorder) do morph(path, classmap[path]) end + for i, path in ipairs(procorder) do + local objs = self.objects[path] + if objs then + for k, v in pairs(objs) do + objs[k] = classmap[path].morph( + v, + self, + path..' '..k..' ('..policyconfig.source[path][k]..')' + ) + end + end + end insertdefrules('pre') @@ -132,7 +132,6 @@ function Config:init(policyconfig) for k, v in pairs(acfrags) do table.insert(ofrags, v) end insertrules(optfrag.combinations(achains, ofrags)) - morph('ipset', awall.model.ConfigObject) self.ipset = ipset.IPSet.new(self.objects.ipset) end diff --git a/awall/ipset.lua b/awall/ipset.lua index 5086d28..c8453af 100644 --- a/awall/ipset.lua +++ b/awall/ipset.lua @@ -1,6 +1,6 @@ --[[ Ipset file dumper for Alpine Wall -Copyright (C) 2012 Kaarle Ritvanen +Copyright (C) 2012-2013 Kaarle Ritvanen Licensed under the terms of GPL2 ]]-- 
@@ -13,23 +13,16 @@ IPSet = awall.object.class() function IPSet:init(config) self.config = config or {} end -function IPSet:options(name) - local ipset = self.config[name] - if not ipset.type then ipset:error('Type not defined') end - if not ipset.family then ipset:error('Family not defined') end - return {ipset.type, 'family', ipset.family} -end - function IPSet:dumpfile(name, ipsfile) ipsfile:write('# ipset '..name..'\n') - ipsfile:write(table.concat(self:options(name), ' ')) + ipsfile:write(table.concat(self.config[name].options, ' ')) ipsfile:write('\n') end function IPSet:create() for name, ipset in pairs(self.config) do local pid = lpc.run('ipset', '-!', 'create', name, - unpack(self:options(name))) + unpack(ipset.options)) if lpc.wait(pid) ~= 0 then io.stderr:write('ipset creation failed: '..name) end diff --git a/awall/model.lua b/awall/model.lua index d2761ce..21ff390 100644 --- a/awall/model.lua +++ b/awall/model.lua @@ -1,6 +1,6 @@ --[[ Base data model for Alpine Wall -Copyright (C) 2012 Kaarle Ritvanen +Copyright (C) 2012-2013 Kaarle Ritvanen Licensed under the terms of GPL2 ]]-- @@ -19,8 +19,10 @@ local combinations = awall.optfrag.combinations class = awall.object.class +require 'stringy' -ConfigObject = class() + +local ConfigObject = class() function ConfigObject:init(context, location) if context then 
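Review bot: `IPSet:dumpfile` and `IPSet:create` now read `self.config[name].options` and `ipset.options` directly, so an entry that did not pass through the new `model.IPSet` constructor reaches `table.concat(nil)` or `unpack(nil)` and fails with a raw Lua error rather than the located `:error()` message the removed `IPSet:options` produced. A guard such as `local opts = assert(ipset.options, 'ipset '..name..': options not set')` would keep the failure readable. The set name and option strings are also written to the dump file joined by single spaces with no check for whitespace or newlines, so a policy value containing either would add tokens or lines to that file; whether policy files can come from a less trusted source is not visible here. On the unchanged lines of `IPSet:create`, a failed `ipset create` is only reported on stderr (without a trailing newline) and the loop continues.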
@@ -95,6 +97,28 @@ end fwzone = Zone.new() +IPSet = class(ConfigObject) + +function IPSet:init(...) + ConfigObject.init(self, unpack(arg)) + + if not self.type then self:error('Type not defined') end + + if stringy.startswith(self.type, 'bitmap:') then + if not self.range then self:error('Range not defined') end + self.options = {self.type, 'range', self.range} + self.family = 'inet' + + elseif stringy.startswith(self.type, 'hash:') then + if not self.family then self:error('Family not defined') end + self.options = {self.type, 'family', self.family} + + elseif self.type == 'list:set' then self.options = {self.type} + + else self:error('Invalid type: '..self.type) end +end + + Rule = class(ConfigObject) @@ -455,5 +479,5 @@ function Rule:newchain(key) end -classes = {{'zone', Zone}} +classes = {{'zone', Zone}, {'ipset', IPSet}} |
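Review bot: `IPSet:init` checks only the prefix of `self.type`, so `hash:` or `bitmap:` followed by anything is accepted, and `self.family` and `self.range` are copied into `self.options` unvalidated although those strings later become `ipset` arguments and dump-file text. A non-string `type` from the policy file would make `stringy.startswith` or the `'Invalid type: '..self.type` concatenation raise a raw error instead of the located `self:error`. I would add a string check on `type`, restrict `family` to `inet`/`inet6`, and reject option values containing whitespace, as sketched below. The bitmap branch also silently overwrites a user-supplied `family` with `'inet'`; an explicit error for any other value would be clearer. Separately, `unpack(arg)` relies on the Lua 5.0-style implicit `arg` table and stops at a nil hole, whereas `ConfigObject.init(self, ...)` forwards the arguments directly.

```lua
function IPSet:init(...)
   ConfigObject.init(self, ...)

   if not self.type then self:error('Type not defined') end
   if type(self.type) ~= 'string' then
      self:error('Invalid type: '..tostring(self.type))
   end

   -- … unchanged: bitmap: / hash: / list:set dispatch that builds self.options …

   -- options end up as ipset arguments and as one space-joined dump-file line
   for _, opt in ipairs(self.options) do
      if type(opt) ~= 'string' or opt:find('%s') then
         self:error('Invalid ipset option: '..tostring(opt))
      end
   end
end
```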