--[[
Alpine Wall main module
Copyright (C) 2012 Kaarle Ritvanen
Licensed under the terms of GPL2
]]--

-- Lua 5.1 module() call (the default module path below is /usr/share/lua/5.1):
-- every global assigned in this file (loadmodules, classmap, PolicySet, Config)
-- becomes a field of the 'awall' module table, and package.seeall makes the
-- ordinary globals (lfs, stringy, ...) visible from inside the module.
-- NOTE: module() is removed in Lua 5.2+; this file targets 5.1 only.
module(..., package.seeall)

require 'lfs'
require 'stringy'

require 'awall.ipset'
require 'awall.iptables'
require 'awall.model'
require 'awall.object'
require 'awall.policy'
require 'awall.util'


-- Module-private state filled in by loadmodules() and consumed by Config:init:
--   procorder - list of config section paths in the order they are processed
--   defrules  - phase name ('pre' or 'post-<path>') -> list of default rule
--               descriptors, later fed to insertrules() in Config:init
-- (classmap, the third piece of state, is a module field rather than a local.)
local procorder
local defrules

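--- Discover the rule modules and collect their metadata.
-- Resets and refills classmap (a module field), procorder and defrules from
-- the built-in awall.model and from every *.lua file found in
-- <path>/awall/modules (default prefix /usr/share/lua/5.1).
-- @param path optional root directory to use instead of the default prefix;
--   the process changes into it while the modules are loaded and returns to
--   the previous working directory afterwards, even when loading fails
-- @raise if the directory cannot be entered or listed, if a module fails to
--   load, or if a module lacks the `classes` / `defrules` fields
function loadmodules(path)
   -- classmap is deliberately not local: Config:init reads it as a module field
   classmap = {}
   procorder = {}
   defrules = {}

   -- Merge one module's metadata: each {path, class} pair in mod.classes
   -- registers a config section; mod.defrules is keyed by phase name.
   local function readmetadata(mod)
      for _, clsdef in ipairs(mod.classes) do
         local secpath, cls = unpack(clsdef)
         classmap[secpath] = cls
         procorder[#procorder + 1] = secpath
      end

      for phase, rules in pairs(mod.defrules) do
         if not defrules[phase] then defrules[phase] = {} end
         util.extend(defrules[phase], rules)
      end
   end

   readmetadata(model)

   local cdir = lfs.currentdir()
   -- NOTE(review): the chdir presumably lets require() resolve awall.modules.*
   -- relative to `path` through package.path — confirm. A failed chdir used to
   -- be ignored, which would silently load modules from the wrong place.
   if path then assert(lfs.chdir(path)) end

   -- Every '.lua' file found here is executed through require(), so the
   -- directory contents must be trusted. Run the scan under pcall so the
   -- working directory is restored below no matter what fails.
   local ok, err = pcall(function()
      local moddir = (path or '/usr/share/lua/5.1')..'/awall/modules'
      for modfile in lfs.dir(moddir) do
         if stringy.endswith(modfile, '.lua') then
            local name = 'awall.modules.'..string.sub(modfile, 1, -5)
            require(name)
            readmetadata(package.loaded[name])
         end
      end
   end)

   lfs.chdir(cdir)
   -- re-raise with level 0 so the original message/position is kept as-is
   if not ok then error(err, 0) end
end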


-- Re-export: makes the class reachable as awall.PolicySet as well as
-- awall.policy.PolicySet (the assignment lands in the module table).
PolicySet = policy.PolicySet


-- Config: the compiled firewall configuration (ipset definitions plus the
-- iptables rule tables), built with object.class() on top of object.Object.
-- Its state is set up in Config:init (presumably called by the constructor
-- provided by awall.object — see that module).
Config = object.class(object.Object)

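--- Build the firewall configuration from a policy configuration.
-- loadmodules() must have run first: this method consumes classmap,
-- procorder and defrules. Steps, in order:
--   1. expand the policy configuration into self.input
--   2. morph each registered section into objects of its class
--   3. insert the 'pre' default rules
--   4. for each section in procorder: the rules of its objects, then the
--      section's 'post-<path>' default rules
--   5. morph and build the ipset definitions
-- @param policyconfig object providing :expand() and a .source table that maps
--   section path and key to a human-readable origin used in location strings
-- @raise if loadmodules() has not been called
function Config:init(policyconfig)
   assert(procorder,
	  'awall.loadmodules() must be called before creating a Config')

   self.input = policyconfig:expand()
   self.iptables = iptables.IPTables.new()

   -- Replace every entry of self.input[path] with cls.morph(entry, self,
   -- location); location is "<path> <key> (<source>)". Assigning to existing
   -- keys during pairs() is allowed by Lua.
   local function morph(path, cls)
      local objs = self.input[path]
      if not objs then return end
      for k, v in pairs(objs) do
	 local location = path..' '..k..' ('..policyconfig.source[path][k]..')'
	 objs[k] = cls.morph(v, self, location)
      end
   end

   -- Append each translated rule's options to the chain it names, or prepend
   -- when trule.position == 'prepend'.
   local function insertrules(trules)
      for _, trule in ipairs(trules) do
	 local chain = self.iptables.config[trule.family][trule.table][trule.chain]
	 if trule.position == 'prepend' then
	    table.insert(chain, 1, trule.opts)
	 else
	    chain[#chain + 1] = trule.opts
	 end
      end
   end

   -- Phases without default rules are simply skipped.
   local function insertdefrules(phase)
      local rules = defrules[phase]
      if rules then insertrules(rules) end
   end

   for _, path in ipairs(procorder) do morph(path, classmap[path]) end

   insertdefrules('pre')

   for _, path in ipairs(procorder) do
      local objs = self.input[path]
      if objs then
	 for _, rule in ipairs(objs) do insertrules(rule:trules()) end
      end
      insertdefrules('post-'..path)
   end

   -- 'ipset' is handled here rather than through procorder, with the generic
   -- ConfigObject class. `model` resolves to awall.model through the module
   -- environment, exactly as in loadmodules(); use the same spelling here.
   morph('ipset', model.ConfigObject)
   self.ipset = ipset.IPSet.new(self.input.ipset)
end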

--- Write the generated ipset and iptables configuration to disk.
-- The ipset file is written before the iptables directory.
-- @param iptdir directory for the iptables output (default '/etc/iptables')
-- @param ipsfile path of the ipset output file (default '/etc/ipset.d/awall')
function Config:dump(iptdir, ipsfile)
   local ipset_path = ipsfile
   if not ipset_path then ipset_path = '/etc/ipset.d/awall' end

   local iptables_dir = iptdir
   if not iptables_dir then iptables_dir = '/etc/iptables' end

   self.ipset:dump(ipset_path)
   self.iptables:dump(iptables_dir)
end

--- Create the ipsets, then run the iptables test.
-- Nothing is activated here; see Config:activate, which calls this first.
-- Any error raised by either step propagates to the caller.
function Config:test()
   local sets = self.ipset
   sets:create()

   local ipt = self.iptables
   ipt:test()
end

--- Put the configuration into effect.
-- Runs Config:test first; an error raised there propagates and the iptables
-- activation below is never reached.
function Config:activate()
   self:test()

   local ipt = self.iptables
   ipt:activate()
end