--[[
NAT module for Alpine Wall
Copyright (C) 2012 Kaarle Ritvanen
Licensed under the terms of GPL2
]]--


module(..., package.seeall)

require 'awall.model'
require 'awall.util'

local model = awall.model


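--- Base class for NAT rules, derived from model.Rule.
-- The methods below read self.params (chains, target, deftarget, subject);
-- this class does not set that table itself.
local NATRule = model.class(model.Rule)

--- Build the rule fragments for this NAT rule.
-- Takes the fragments produced by model.Rule.trules, calls self:error for any
-- fragment whose chain is not listed in self.params.chains, and keeps only
-- the fragments whose family is 'inet'.
-- @treturn table list of the retained fragments
function NATRule:trules()
   local res = {}
   for _, ofrags in ipairs(model.Rule.trules(self)) do
      -- NOTE(review): presumably self:error aborts processing; if it returns,
      -- the fragment still goes through the family check below.
      if not awall.util.contains(self.params.chains, ofrags.chain) then
         self:error('Inappropriate zone definitions for a '..self.params.target..' rule')
      end
      -- Fragments of any other family are dropped without a diagnostic.
      if ofrags.family == 'inet' then table.insert(res, ofrags) end
   end
   return res
end

--- Name of the table these rules belong to (presumably the netfilter table).
-- @treturn string always 'nat'
function NATRule:table() return 'nat' end

--- Compose the target part of the rule.
-- When self.action is set the decision is left to model.Rule.target.
-- Otherwise the target is built from self.params:
--   * with an 'ip-range':  '<target> --to-<subject> <ip-range>[:<port-range>]'
--   * without one:         '<deftarget>[ --to-ports <port-range>]'
-- @treturn string target text
function NATRule:target()
   if self.action then return model.Rule.target(self) end

   local addr, port = self['ip-range'], self['port-range']

   -- NOTE(review): both values are concatenated unmodified into the generated
   -- rule text. Confirm they are validated before they reach this method, so
   -- that whitespace or option text in a policy value cannot become part of
   -- the emitted rule.
   local target
   if addr then
      target = self.params.target..' --to-'..self.params.subject..' '..addr
   else
      target = self.params.deftarget
   end

   if port then
      -- The ':port' suffix is only valid after an address in
      -- --to-source/--to-destination. REDIRECT and MASQUERADE take the port
      -- through --to-ports, so appending ':port' to the bare default target
      -- would produce a target the rule loader rejects.
      target = target..(addr and ':' or ' --to-ports ')..port
   end
   return target
end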


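--- Destination NAT rule class, derived from NATRule.
local DNATRule = model.class(NATRule)

--- Initialise the rule and install the DNAT-specific parameters.
-- All arguments are passed on unchanged to NATRule.init.
function DNATRule:init(...)
   -- Forward the varargs directly. The implicit `arg` table only exists as a
   -- Lua 5.0 compatibility feature, and unpack(arg) stops at the first nil
   -- argument.
   NATRule.init(self, ...)
   -- chains:    chains accepted by NATRule:trules
   -- target:    target used when an 'ip-range' is given
   -- subject:   forms the '--to-<subject>' option of that target
   -- deftarget: target used when no 'ip-range' is given
   -- forbidif:  not read in this file; presumably consumed by model.Rule
   self.params = {forbidif='out', subject='destination',
                  chains={'INPUT', 'PREROUTING'},
                  target='DNAT', deftarget='REDIRECT'}
end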


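--- Source NAT rule class, derived from NATRule.
local SNATRule = model.class(NATRule)

--- Initialise the rule and install the SNAT-specific parameters.
-- All arguments are passed on unchanged to NATRule.init.
function SNATRule:init(...)
   -- Forward the varargs directly. The implicit `arg` table only exists as a
   -- Lua 5.0 compatibility feature, and unpack(arg) stops at the first nil
   -- argument.
   NATRule.init(self, ...)
   -- chains:    chains accepted by NATRule:trules
   -- target:    target used when an 'ip-range' is given
   -- subject:   forms the '--to-<subject>' option of that target
   -- deftarget: target used when no 'ip-range' is given
   -- forbidif:  not read in this file; presumably consumed by model.Rule
   self.params = {forbidif='in', subject='source',
                  chains={'OUTPUT', 'POSTROUTING'},
                  target='SNAT', deftarget='MASQUERADE'}
end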


-- Pairs of {name, rule class} exposed by this module. Because the file opens
-- with module(..., package.seeall), this assignment creates a field of the
-- module rather than a stray global.
-- NOTE(review): presumably the awall core uses the names to pick up the
-- matching policy sections; confirm against the loader.
classes = {
   {'dnat', DNATRule},
   {'snat', SNATRule},
}