--[[
Alpine Wall main module
Copyright (C) 2012 Kaarle Ritvanen
Licensed under the terms of GPL2
]]--

-- Lua 5.1 module idiom (removed in later Lua versions): the module table
-- becomes this chunk's environment and package.seeall points its __index at
-- _G, so every non-local assignment below (classmap, PolicySet, Config, ...)
-- lands on this module's table, and that table also exposes every global.
module(..., package.seeall)

require 'lfs'
require 'stringy'

require 'awall.ipset'
require 'awall.iptables'
require 'awall.model'
require 'awall.object'
require 'awall.policy'
require 'awall.util'


-- Module-level metadata filled in by loadmodules() (classmap is populated
-- there too, but as a module field rather than a local):
--   procorder -- rule class paths in the order they are processed by Config
--   defrules  -- phase name -> list of default rules contributed by modules
local procorder
local defrules

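--- Collect the rule classes and default rules provided by the core model
-- and by every module found under <root>/awall/modules, (re)initialising
-- the module-level classmap, procorder and defrules tables.
-- @tparam[opt] string path root of the Lua tree to scan; defaults to
--   /usr/share/lua/5.1. Every *.lua file in its awall/modules subdirectory
--   is executed through require(), so that directory is a code trust
--   boundary: it must not be writable by anyone other than the principal
--   that runs awall.
-- @raise if the root cannot be entered, the module directory cannot be
--   listed, or a module fails to load. The working directory is restored
--   before the error propagates.
function loadmodules(path)
   classmap = {}
   procorder = {}
   defrules = {}

   -- Merge one module's metadata into the shared tables. A module exports
   -- `classes` (a list of {path, class} pairs, in processing order) and
   -- `defrules` (phase name -> list of default rules); a missing field is
   -- treated as empty.
   local function readmetadata(mod)
      for _, clsdef in ipairs(mod.classes or {}) do
         local clspath, cls = unpack(clsdef)
         classmap[clspath] = cls
         table.insert(procorder, clspath)
      end

      for phase, rules in pairs(mod.defrules or {}) do
         if not defrules[phase] then defrules[phase] = {} end
         util.extend(defrules[phase], rules)
      end
   end

   -- The core model goes first so its classes precede every extension
   -- module's in procorder.
   readmetadata(model)

   local moddir = (path or '/usr/share/lua/5.1')..'/awall/modules'

   -- chdir into the root, presumably so require() resolves the modules
   -- through a relative package.path entry -- TODO confirm. The original
   -- directory is restored below even when loading fails, so an error in one
   -- module does not leave the process in a foreign working directory.
   local cdir = lfs.currentdir()
   if path then assert(lfs.chdir(path)) end

   local ok, err = pcall(function()
      for modfile in lfs.dir(moddir) do
         if stringy.endswith(modfile, '.lua') then
            -- drop the '.lua' suffix to form the module name
            local name = 'awall.modules.'..string.sub(modfile, 1, -5)
            require(name)
            readmetadata(package.loaded[name])
         end
      end
   end)

   lfs.chdir(cdir)
   -- level 0: pcall has already captured the position information
   if not ok then error(err, 0) end
end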


-- Re-export of the policy module's PolicySet on this module's table.
PolicySet = policy.PolicySet


-- Firewall configuration class; Config:init below builds the iptables and
-- ipset state from an expanded policy set.
Config = object.class(object.Object)

--- Build the iptables and ipset configuration from a policy set.
-- The policy is expanded into self.input; objects of each class path are
-- morphed into their rule class in procorder, then their translated rules
-- are placed into the iptables chains with the module default rules ('pre'
-- first, then 'post-<path>' after each class) interleaved.
-- @tparam PolicySet policyconfig policy set providing :expand()
function Config:init(policyconfig)
   self.input = policyconfig:expand()
   self.iptables = iptables.IPTables.new()

   -- Put one translated rule into its target chain: 'prepend' goes to the
   -- head of the chain, anything else is appended.
   local function place(trule)
      local chain = self.iptables.config[trule.family][trule.table][trule.chain]
      if trule.position == 'prepend' then
         table.insert(chain, 1, trule.opts)
      else
         chain[#chain + 1] = trule.opts
      end
   end

   local function insertrules(trules)
      for _, trule in ipairs(trules) do place(trule) end
   end

   local function insertdefrules(phase)
      local rules = defrules[phase]
      if rules then insertrules(rules) end
   end

   -- Pass 1: turn every input object into an instance of its rule class.
   -- util.map is presumably relied on for its in-place effect -- TODO
   -- confirm, since pass 2 calls rule:trules() on the same self.input entries.
   for _, path in ipairs(procorder) do
      local objs = self.input[path]
      if objs then
         local cls = classmap[path]
         util.map(objs, function(obj) return cls.morph(obj, self) end)
      end
   end

   insertdefrules('pre')

   -- Pass 2: emit each object's translated rules, then the default rules
   -- registered for the phase following that class path.
   for _, path in ipairs(procorder) do
      local rules = self.input[path]
      if rules then
         for _, rule in ipairs(rules) do insertrules(rule:trules()) end
      end
      insertdefrules('post-'..path)
   end

   self.ipset = ipset.IPSet.new(self.input.ipset)
end

--- Write the generated configuration to disk.
-- @tparam[opt] string iptdir directory receiving the iptables rule files
--   (default /etc/iptables)
-- @tparam[opt] string ipsfile path of the ipset definition file
--   (default /etc/ipset.d/awall)
function Config:dump(iptdir, ipsfile)
   local ipspath = ipsfile or '/etc/ipset.d/awall'
   local iptpath = iptdir or '/etc/iptables'
   self.ipset:dump(ipspath)
   self.iptables:dump(iptpath)
end

--- Check the configuration against the running system. This is not a pure
-- dry run: the ipsets are created (self.ipset:create()) before the iptables
-- rules are tested, presumably because the rule test references them --
-- TODO confirm.
function Config:test()
   local sets, ipt = self.ipset, self.iptables
   sets:create()
   ipt:test()
end

--- Test the configuration and, only if the test passes, load the iptables
-- rules. An error raised by test() propagates before anything is activated.
function Config:activate()
   self:test()
   local ipt = self.iptables
   ipt:activate()
end