Commit 3911de11 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

streamlined sanity checking for allowed input/output interface options

parent f8da875b
...@@ -114,18 +114,13 @@ end ...@@ -114,18 +114,13 @@ end
function Rule:defaultzones() return {nil, fwzone} end function Rule:defaultzones() return {nil, fwzone} end
function Rule:checkzoneoptfrag(ofrag) end
function Rule:zoneoptfrags() function Rule:zoneoptfrags()
local function zonepair(zin, zout) local function zonepair(zin, zout)
local function zofs(zone, dir) local function zofs(zone, dir)
if not zone then return zone end if not zone then return zone end
local ofrags = zone:optfrags(dir) return zone:optfrags(dir)
util.map(ofrags, function(x) self:checkzoneoptfrag(x) end)
return ofrags
end end
local chain, ofrags local chain, ofrags
...@@ -364,6 +359,17 @@ function Rule:trules() ...@@ -364,6 +359,17 @@ function Rule:trules()
util.extend(res, ffilter(self:extraoptfrags())) util.extend(res, ffilter(self:extraoptfrags()))
tag(res, 'table', self:table(), false) tag(res, 'table', self:table(), false)
local function checkzof(ofrag, dir, chains)
if ofrag[dir] and util.contains(chains, ofrag.chain) then
self:error('Cannot specify '..dir..'bound interface ('..ofrag[dir]..')')
end
end
for i, ofrag in ipairs(res) do
checkzof(ofrag, 'in', {'OUTPUT', 'POSTROUTING'})
checkzof(ofrag, 'out', {'INPUT', 'PREROUTING'})
end
return combinations(res, ffilter({{family='inet'}, {family='inet6'}})) return combinations(res, ffilter({{family='inet'}, {family='inet6'}}))
end end
...@@ -400,12 +406,6 @@ end ...@@ -400,12 +406,6 @@ end
function ForwardOnlyRule:defaultzones() return {nil} end function ForwardOnlyRule:defaultzones() return {nil} end
function ForwardOnlyRule:checkzoneoptfrag(ofrag)
if ofrag.out then
self:error('Cannot specify outbound interface ('..ofrag.out..')')
end
end
function ForwardOnlyRule:chain() return 'PREROUTING' end function ForwardOnlyRule:chain() return 'PREROUTING' end
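Review bot: The new `checkzof` in `Rule:trules()` rejects an interface option only when `ofrag.chain` already holds one of the four listed built-in chain names, so a fragment whose chain is unset or differently named at this point passes without validation, whereas the removed `checkzoneoptfrag` overrides rejected the option regardless of chain. It is worth confirming that every fragment in `res` carries its final chain here, in particular for `NATRule`, whose `trules()` post-processes the result of this function and whose old check was keyed on `self.params.forbidif` rather than on the chain. A comment above the loop would record the intent, e.g. `-- iptables accepts -i only in INPUT/FORWARD/PREROUTING and -o only in FORWARD/OUTPUT/POSTROUTING; fail here rather than at rule load`. The loop index is unused, so `for _, ofrag in ipairs(res) do` reads better, and the two chain lists could be built once outside the loop. The body of `trules()` begins outside the hunk.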
......
...@@ -14,12 +14,6 @@ local model = awall.model ...@@ -14,12 +14,6 @@ local model = awall.model
local ClampMSSRule = model.class(model.ForwardOnlyRule) local ClampMSSRule = model.class(model.ForwardOnlyRule)
function ClampMSSRule:checkzoneoptfrag(ofrag)
if ofrag['in'] then
self:error('Cannot specify inbound interface ('..ofrag['in']..')')
end
end
function ClampMSSRule:table() return 'mangle' end function ClampMSSRule:table() return 'mangle' end
function ClampMSSRule:chain() return 'POSTROUTING' end function ClampMSSRule:chain() return 'POSTROUTING' end
......
...@@ -14,13 +14,6 @@ local model = awall.model ...@@ -14,13 +14,6 @@ local model = awall.model
local NATRule = model.class(model.ForwardOnlyRule) local NATRule = model.class(model.ForwardOnlyRule)
function NATRule:checkzoneoptfrag(ofrag)
local iface = ofrag[self.params.forbidif]
if iface then
self:error('Cannot specify '..self.params.forbidif..'bound interface ('..iface..')')
end
end
function NATRule:trules() function NATRule:trules()
local res = {} local res = {}
for i, ofrags in ipairs(model.ForwardOnlyRule.trules(self)) do for i, ofrags in ipairs(model.ForwardOnlyRule.trules(self)) do
......