init.lua 2.61 KB
--[[
Alpine Wall main module
Copyright (C) 2012 Kaarle Ritvanen
Licensed under the terms of GPL2
]]--

module(..., package.seeall)

require 'json'
require 'lfs'
require 'stringy'

require 'awall.iptables'
require 'awall.model'
require 'awall.util'


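-- Any invocation whose arg[0] is not exactly '/usr/sbin/awall' selects test
-- mode, which makes every path used below relative to the current working
-- directory.
-- NOTE(review): in test mode the module directory is './awall/modules', and
-- every *.lua file found there is loaded and executed with the caller's
-- privileges. Starting the installed tool under a different arg[0] (relative
-- path, symlink) therefore also selects test mode; confirm this is acceptable
-- where the tool runs privileged.
local testmode = arg[0] ~= '/usr/sbin/awall'

-- The core model is always the first entry; optional modules follow it.
local modules = {package.loaded['awall.model']}

local modpath = testmode and '.' or '/usr/share/lua/5.1'

-- lfs.dir() yields directory entries in file-system order, which is not
-- specified. translate() walks `modules` in sequence when inserting rules, so
-- the module names are collected and sorted first: the same set of module
-- files then always produces the same load order and the same rule order.
local modnames = {}
for modfile in lfs.dir(modpath..'/awall/modules') do
   if stringy.endswith(modfile, '.lua') then
      -- strip the '.lua' suffix to obtain the module name
      table.insert(modnames, 'awall.modules.'..string.sub(modfile, 1, -5))
   end
end
table.sort(modnames)

for _, name in ipairs(modnames) do
   require(name)
   table.insert(modules, package.loaded[name])
end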


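-- Translate the awall policy files into an iptables configuration and dump it.
--
-- Steps, in order:
--   1. read and merge every JSON policy file from the configuration
--      directories into `config`;
--   2. replace '$name' values with the matching entry of config.variable;
--   3. let each loaded module morph the objects of the classes it handles and
--      insert the module's default rules;
--   4. insert the rules produced by the policy objects;
--   5. dump the resulting configuration.
--
-- Any error raised in steps 1-4 propagates to the caller before the dump call
-- is reached, so a broken policy file does not reach awall.iptables.dump().
--
-- The policy directories decide what the firewall allows, so they should be
-- writable only by the administrator.
function translate()

   -- Deliberately not local: under module(...) this assignment lands in the
   -- module's environment. NOTE(review): other awall modules may read it from
   -- there; confirm before narrowing the scope.
   config = {}

   -- Directories are processed in this order, so /etc/awall is merged on top
   -- of /usr/share/awall.
   local confdirs = testmode and {'config'} or {'/usr/share/awall',
                                                '/etc/awall'}

   for _, dir in ipairs(confdirs) do

      -- lfs.dir() order is unspecified, and the merge below depends on the
      -- order (later files overwrite keys, lists grow in read order). Sorting
      -- the names makes the effective policy independent of the file system.
      local fnames = {}
      for fname in lfs.dir(dir) do
         -- skips '.', '..' and hidden files
         if string.sub(fname, 1, 1) ~= '.' then
            table.insert(fnames, fname)
         end
      end
      table.sort(fnames)

      for _, fname in ipairs(fnames) do
         local path = dir..'/'..fname

         -- Lines are joined without separators, as before; table.concat
         -- avoids rebuilding the string for every line.
         local lines = {}
         for line in io.lines(path) do table.insert(lines, line) end

         -- Name the offending file instead of surfacing a bare decoder error.
         local ok, data = pcall(json.decode, table.concat(lines))
         if not ok then
            error('Cannot parse '..path..': '..tostring(data))
         end
         if type(data) ~= 'table' then
            error('Invalid policy file (JSON object expected): '..path)
         end

         for cls, objs in pairs(data) do
            if not config[cls] then
               -- first file defining this class
               config[cls] = objs
            elseif objs[1] then
               -- list-like class: the new entries go through util.extend
               -- (presumably appended; see awall.util)
               util.extend(config[cls], objs)
            else
               -- map-like class: later definitions overwrite earlier keys
               for k, v in pairs(objs) do config[cls][k] = v end
            end
         end
      end
   end


   -- Recursively replace every value of the form '$name' with
   -- config.variable[name], following chains of references. A value is only
   -- treated as a reference when the whole string starts with '$'.
   -- Raises an error on circular or undefined references.
   function expandvars(obj)
      for k, v in pairs(obj) do
         if type(v) == 'table' then
            expandvars(v)

         else
            local visited = {}
            local val = v

            while type(val) == 'string' and string.sub(val, 1, 1) == '$' do
               local name = string.sub(val, 2, -1)

               if util.contains(visited, name) then
                  error('Circular variable definition: '..name)
               end
               table.insert(visited, name)

               -- A policy without any 'variable' class must report the bad
               -- reference, not fail on indexing a nil table.
               local defs = config.variable
               val = defs and defs[name]
               if not val then error('Invalid variable reference: '..name) end
            end

            obj[k] = val
         end
      end
   end

   expandvars(config)


   -- Add one translated rule to the chain selected by its family, table and
   -- chain fields; position 'prepend' puts it first, anything else appends.
   function insertrule(trule)
      local t = awall.iptables.config[trule.family][trule.table][trule.chain]
      if trule.position == 'prepend' then
         table.insert(t, 1, trule.opts)
      else
         table.insert(t, trule.opts)
      end
   end

   -- Object lists that were morphed by some module, in module order.
   local locations = {}

   for _, mod in ipairs(modules) do
      for path, cls in pairs(mod.classmap) do
         if config[path] then
            awall.util.map(config[path], cls.morph)
            table.insert(locations, config[path])
         end
      end

      -- default rules of every module are inserted before any policy rule
      for _, rule in ipairs(mod.defrules) do insertrule(rule) end
   end


   for _, location in ipairs(locations) do
      for _, rule in ipairs(location) do
         for _, trule in ipairs(rule:trules()) do insertrule(trule) end
      end
   end

   -- Output goes to ./output in test mode, /etc/iptables otherwise.
   awall.iptables.dump(testmode and 'output' or '/etc/iptables')

end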