Commit 498a67cf authored by Kaarle Ritvanen

apply ip[6]tables-restore only if protocol support loaded into kernel

parent 4fa8ce2e
...@@ -15,8 +15,12 @@ require 'awall.util' ...@@ -15,8 +15,12 @@ require 'awall.util'
local class = awall.object.class local class = awall.object.class
local families = {inet={cmd='iptables', file='rules-save'}, local families = {inet={cmd='iptables',
inet6={cmd='ip6tables', file='rules6-save'}} file='rules-save',
local builtin = {'INPUT', 'FORWARD', 'OUTPUT', local builtin = {'INPUT', 'FORWARD', 'OUTPUT',
...@@ -34,19 +38,34 @@ function BaseIPTables:dump(dir) ...@@ -34,19 +38,34 @@ function BaseIPTables:dump(dir)
end end
end end
function BaseIPTables:restore(...) function BaseIPTables:restore(test)
local disabled = true
for family, params in pairs(families) do for family, params in pairs(families) do
local pid, stdin, stdout ='-restore', unpack(arg)) local file =
if file then
local pid, stdin, stdout ='-restore',
unpack({test and '-t' or nil}))
stdout:close() stdout:close()
self:dumpfile(family, stdin) self:dumpfile(family, stdin)
stdin:close() stdin:close()
assert(lpc.wait(pid) == 0) assert(lpc.wait(pid) == 0)
disabled = false
elseif test then
io.stderr:write('Warning: '' rules not tested\n')
end end
if disabled then error('Firewall not enabled in kernel') end
end end
function BaseIPTables:activate() self:restore() end function BaseIPTables:activate() self:restore(false) end
function BaseIPTables:test() self:restore('-t') end function BaseIPTables:test() self:restore(true) end
IPTables = class(BaseIPTables) IPTables = class(BaseIPTables)
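Review bot: In `BaseIPTables:restore`, a family without kernel support is reported only under `elseif test then`, so `activate()` skips that family silently and still succeeds as long as the other one was restored. The `disabled` check raises only when neither family was applied, so a host can end up with its IPv4 policy installed and no IPv6 policy (or the reverse) with nothing on stderr or in the exit status to show it. If the missing module is loaded later, its built-in chains start with the default ACCEPT policy until the next activation, which is a fail-open state worth surfacing. I would warn in both modes, for example `else io.stderr:write('Warning: '..family..' rules not '..(test and 'tested' or 'applied')..'\n')`, assuming the existing message concatenates the family name (the rendered line is garbled here). Since only one of the two restores is asserted, a comment on `disabled` stating that partial activation is intentional would also help the next reader.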