Commit 4bfc8d8b authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

dumping and testing functions separated

module for ipset tool-related functionality
parent 2e000241
...@@ -25,4 +25,5 @@ if testmode then ...@@ -25,4 +25,5 @@ if testmode then
awall.ipsfile = 'output/ipset' awall.ipsfile = 'output/ipset'
end end
awall.translate() awall.test()
awall.dump()
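Review bot: `awall.test()` and `awall.dump()` each call readconfig() (per the awall module's hunk further down this page), so the policy files are read and translated twice, and the files written by dump() come from the second read rather than from the state that test() just checked. If a policy file changes between the two calls, rules that were never tested get written. Either load once and let both steps work on that state, or at least record the behaviour here with a comment such as `-- NOTE: test() and dump() each re-read the configuration`.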
...@@ -10,6 +10,7 @@ require 'json' ...@@ -10,6 +10,7 @@ require 'json'
require 'lfs' require 'lfs'
require 'stringy' require 'stringy'
require 'awall.ipset'
require 'awall.iptables' require 'awall.iptables'
require 'awall.model' require 'awall.model'
require 'awall.util' require 'awall.util'
...@@ -33,9 +34,11 @@ function loadmodules(path) ...@@ -33,9 +34,11 @@ function loadmodules(path)
end end
function translate() local function readconfig()
config = {} config = {}
awall.model.reset()
awall.iptables.reset()
for i, dir in ipairs(confdirs) do for i, dir in ipairs(confdirs) do
local fnames = {} local fnames = {}
...@@ -117,18 +120,16 @@ function translate() ...@@ -117,18 +120,16 @@ function translate()
for i, trule in ipairs(rule:trules()) do insertrule(trule) end for i, trule in ipairs(rule:trules()) do insertrule(trule) end
end end
end end
end
function dump()
readconfig()
awall.ipset.dump(ipsfile)
awall.iptables.dump(iptdir) awall.iptables.dump(iptdir)
end
if config.ipset then function test()
local ips = io.output(ipsfile) readconfig()
for name, params in pairs(config.ipset) do awall.ipset.create()
if not params.type then error('Type not defined for set '..name) end awall.iptables.test()
local line = 'create '..name..' '..params.type
if params.family then line = line..' family '..params.family end
ips:write(line..'\n')
end
ips:close()
end
end end
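Review bot: test() is not a dry run, and nothing in this hunk says so. It calls awall.ipset.create(), which in the awall.ipset module on this page feeds each line to `ipset -! restore` with no test option, so the configured sets are created on the running system, while awall.iptables.test() only runs the restore command with `-t`. The sets presumably have to exist for the iptables check to pass, but a caller reading the name would not expect kernel state to change. A header comment on test() would cover it, e.g. `-- NOTE: creates the configured ipsets on the live system; only the iptables rules are dry-run`.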
--[[
Ipset file dumper for Alpine Wall
Copyright (C) 2012 Kaarle Ritvanen
Licensed under the terms of GPL2
]]--
module(..., package.seeall)
local function commands()
local config = awall.config
local res = {}
if config.ipset then
for name, params in pairs(config.ipset) do
if not params.type then error('Type not defined for set '..name) end
local line = 'create '..name..' '..params.type
if params.family then line = line..' family '..params.family end
table.insert(res, line..'\n')
end
end
return res
end
function create()
for i, line in ipairs(commands()) do
local pid, stdin = lpc.run('ipset', '-!', 'restore')
stdin:write(line)
stdin:close()
if lpc.wait(pid) ~= 0 then
io.stderr:write('ipset command failed: '..line)
end
end
end
function dump(ipsfile)
local file = io.output(ipsfile)
for i, line in ipairs(commands()) do file:write(line) end
file:close()
end
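Review bot: commands() concatenates `name`, `params.type` and `params.family` from the configuration straight into the line that create() pipes to `ipset -! restore`, so a value containing whitespace or a newline turns into extra arguments or an additional restore command. Validate each field before building the line, for example `if not tostring(name):match('^[%w_.-]+$') then error('Invalid set name '..name) end`, with the same kind of check for type and family. create() also only writes to stderr when ipset exits non-zero and then carries on; raising there, `error('ipset command failed: '..line)`, would stop the run at the real cause instead of at a later iptables failure. `lpc` is used without a require in this file, so it relies on another module having loaded it as a global.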
...@@ -18,13 +18,16 @@ local families = {inet={cmd='iptables-restore', file='rules-save'}, ...@@ -18,13 +18,16 @@ local families = {inet={cmd='iptables-restore', file='rules-save'},
local builtin = {'INPUT', 'FORWARD', 'OUTPUT', local builtin = {'INPUT', 'FORWARD', 'OUTPUT',
'PREROUTING', 'POSTROUTING'} 'PREROUTING', 'POSTROUTING'}
config = {} function reset()
setmetatable(config, config = {}
{__index=function(t, k) setmetatable(config,
t[k] = {} {__index=function(t, k)
setmetatable(t[k], getmetatable(t)) t[k] = {}
return t[k] setmetatable(t[k], getmetatable(t))
end}) return t[k]
end})
end
reset()
local function dumpfile(family, iptfile) local function dumpfile(family, iptfile)
iptfile:write('# '..families[family].file..' generated by awall\n') iptfile:write('# '..families[family].file..' generated by awall\n')
...@@ -43,13 +46,17 @@ local function dumpfile(family, iptfile) ...@@ -43,13 +46,17 @@ local function dumpfile(family, iptfile)
end end
end end
function dump(dir) function test()
for family, tbls in pairs(config) do for family, tbls in pairs(config) do
local pid, stdin = lpc.run(families[family].cmd, '-t') local pid, stdin = lpc.run(families[family].cmd, '-t')
dumpfile(family, stdin) dumpfile(family, stdin)
stdin:close() stdin:close()
assert(lpc.wait(pid) == 0) assert(lpc.wait(pid) == 0)
end
end
function dump(dir)
for family, tbls in pairs(config) do
dumpfile(family, io.output(dir..'/'..families[family].file)) dumpfile(family, io.output(dir..'/'..families[family].file))
end end
end end
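Review bot: dump() passes `io.output(dir..'/'..families[family].file)` to dumpfile() and never closes the handle. test() has to call `stdin:close()` itself after dumpfile(), which suggests dumpfile() does not close its argument (most of its body is outside this hunk). The rules file is therefore flushed only at garbage collection or exit, and io.output() also leaves the process-wide default output pointing at the last rules file. Opening the file explicitly avoids both: `local f = assert(io.open(dir..'/'..families[family].file, 'w'))`, then `dumpfile(family, f)` and `f:close()`.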
...@@ -360,6 +360,10 @@ function Rule:newchain(base) ...@@ -360,6 +360,10 @@ function Rule:newchain(base)
return base..'-'..lastid[base] return base..'-'..lastid[base]
end end
function reset()
lastid = {}
end
classmap = {zone=Zone} classmap = {zone=Zone}
......