dumping and testing functions separated

module for ipset tool-related functionality

awall-cli

@@ -25,4 +25,5 @@ if testmode then
    awall.ipsfile = 'output/ipset'
 end
 
-awall.translate()
+awall.test()
+awall.dump()

awall/init.lua

@@ -10,6 +10,7 @@ require 'json'
 require 'lfs'
 require 'stringy'
 
+require 'awall.ipset'
 require 'awall.iptables'
 require 'awall.model'
 require 'awall.util'
@@ -33,9 +34,11 @@ function loadmodules(path)
 end
 
 
-function translate()
+local function readconfig()
 
    config = {}
+   awall.model.reset()
+   awall.iptables.reset()
 
    for i, dir in ipairs(confdirs) do
       local fnames = {}
@@ -117,18 +120,16 @@ function translate()
 	 for i, trule in ipairs(rule:trules()) do insertrule(trule) end
       end
    end
+end
 
+function dump()
+   readconfig()
+   awall.ipset.dump(ipsfile)
    awall.iptables.dump(iptdir)
+end
 
-   if config.ipset then
-      local ips = io.output(ipsfile)
-      for name, params in pairs(config.ipset) do
-	 if not params.type then error('Type not defined for set '..name) end
-	 local line = 'create '..name..' '..params.type
-	 if params.family then line = line..' family '..params.family end
-	 ips:write(line..'\n')
-      end
-      ips:close()
-   end
-
+function test()
+   readconfig()
+   awall.ipset.create()
+   awall.iptables.test()
 end

awall/ipset.lua

+--[[
+Ipset file dumper for Alpine Wall
+Copyright (C) 2012 Kaarle Ritvanen
+Licensed under the terms of GPL2
+]]--
+
+
+module(..., package.seeall)
+
+local function commands()
+   local config = awall.config
+   local res = {}
+   if config.ipset then
+      for name, params in pairs(config.ipset) do
+	 if not params.type then error('Type not defined for set '..name) end
+	 local line = 'create '..name..' '..params.type
+	 if params.family then line = line..' family '..params.family end
+	 table.insert(res, line..'\n')
+      end
+   end
+   return res
+end
+
+function create()
+   for i, line in ipairs(commands()) do
+      local pid, stdin = lpc.run('ipset', '-!', 'restore')
+      stdin:write(line)
+      stdin:close()
+      if lpc.wait(pid) ~= 0 then
+	 io.stderr:write('ipset command failed: '..line)
+      end
+   end
+end
+
+function dump(ipsfile)
+   local file = io.output(ipsfile)
+   for i, line in ipairs(commands()) do file:write(line) end
+   file:close()
+end

awall/iptables.lua

@@ -18,13 +18,16 @@ local families = {inet={cmd='iptables-restore', file='rules-save'},
 local builtin = {'INPUT', 'FORWARD', 'OUTPUT',
 		 'PREROUTING', 'POSTROUTING'}
 
-config = {}
-setmetatable(config,
-	     {__index=function(t, k)
-			 t[k] = {}
-			 setmetatable(t[k], getmetatable(t))
-			 return t[k]
-		      end})
+function reset()
+   config = {}
+   setmetatable(config,
+		{__index=function(t, k)
+			    t[k] = {}
+			    setmetatable(t[k], getmetatable(t))
+			    return t[k]
+			 end})
+end
+reset()
 
 local function dumpfile(family, iptfile)
    iptfile:write('# '..families[family].file..' generated by awall\n')
@@ -43,13 +46,17 @@ local function dumpfile(family, iptfile)
    end
 end
 
-function dump(dir)
+function test()
    for family, tbls in pairs(config) do
       local pid, stdin = lpc.run(families[family].cmd, '-t')
       dumpfile(family, stdin)
       stdin:close()
       assert(lpc.wait(pid) == 0)
+   end
+end
 
+function dump(dir)
+   for family, tbls in pairs(config) do
       dumpfile(family, io.output(dir..'/'..families[family].file))
    end
 end

awall/model.lua

@@ -360,6 +360,10 @@ function Rule:newchain(base)
    return base..'-'..lastid[base]
 end
 
+function reset()
+   lastid = {}
+end
+
 
 classmap = {zone=Zone}