Commit c6a67bab authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

changed protocol strings to inet and inet6

parent 0e5d732b
...@@ -7,8 +7,8 @@ Licensed under the terms of GPL2 ...@@ -7,8 +7,8 @@ Licensed under the terms of GPL2
module(..., package.seeall) module(..., package.seeall)
local familypatterns = {ip4='%d[%.%d/]+', local familypatterns = {inet='%d[%.%d/]+',
ip6='[:%x/]+', inet6='[:%x/]+',
domain='[%a-][%.%w-]*'} domain='[%a-][%.%w-]*'}
local function getfamily(addr) local function getfamily(addr)
...@@ -32,8 +32,8 @@ function resolve(host) ...@@ -32,8 +32,8 @@ function resolve(host)
string.match(rec, '^('..familypatterns.domain..')\t+%d+\t+IN\t+(A+)\t+(.+)') string.match(rec, '^('..familypatterns.domain..')\t+%d+\t+IN\t+(A+)\t+(.+)')
if name and string.sub(name, 1, string.len(host) + 1) == host..'.' then if name and string.sub(name, 1, string.len(host) + 1) == host..'.' then
if rtype == 'A' then family = 'ip4' if rtype == 'A' then family = 'inet'
elseif rtype == 'AAAA' then family = 'ip6' elseif rtype == 'AAAA' then family = 'inet6'
else family = nil end else family = nil end
if family then if family then
......
...@@ -12,8 +12,8 @@ require 'lpc' ...@@ -12,8 +12,8 @@ require 'lpc'
require 'awall.util' require 'awall.util'
contains = awall.util.contains contains = awall.util.contains
local families = {ip4={cmd='iptables-restore', file='rules-save'}, local families = {inet={cmd='iptables-restore', file='rules-save'},
ip6={cmd='ip6tables-restore', file='rules6-save'}} inet6={cmd='ip6tables-restore', file='rules6-save'}}
local builtin = {'INPUT', 'FORWARD', 'OUTPUT', local builtin = {'INPUT', 'FORWARD', 'OUTPUT',
'PREROUTING', 'POSTROUTING'} 'PREROUTING', 'POSTROUTING'}
......
...@@ -188,10 +188,10 @@ function Rule:servoptfrags() ...@@ -188,10 +188,10 @@ function Rule:servoptfrags()
-- TODO multiple ICMP types per rule -- TODO multiple ICMP types per rule
local oname local oname
if util.contains({1, 'icmp'}, sdef.proto) then if util.contains({1, 'icmp'}, sdef.proto) then
family = 'ip4' family = 'inet'
oname = 'icmp-type' oname = 'icmp-type'
elseif util.contains({58, 'ipv6-icmp', 'icmpv6'}, sdef.proto) then elseif util.contains({58, 'ipv6-icmp', 'icmpv6'}, sdef.proto) then
family = 'ip6' family = 'inet6'
oname = 'icmpv6-type' oname = 'icmpv6-type'
else error('Type specification not valid with '..sdef.proto) end else error('Type specification not valid with '..sdef.proto) end
opts = opts..' --'..oname..' '..sdef.type opts = opts..' --'..oname..' '..sdef.type
...@@ -347,7 +347,7 @@ function Rule:trules() ...@@ -347,7 +347,7 @@ function Rule:trules()
tag(res, 'table', self:table(), false) tag(res, 'table', self:table(), false)
return combinations(res, ffilter({{family='ip4'}, {family='ip6'}})) return combinations(res, ffilter({{family='inet'}, {family='inet6'}}))
end end
function Rule:extraoptfrags() return {} end function Rule:extraoptfrags() return {} end
......
...@@ -61,7 +61,7 @@ function Policy:servoptfrags() return nil end ...@@ -61,7 +61,7 @@ function Policy:servoptfrags() return nil end
classmap = {policy=Policy, filter=Filter} classmap = {policy=Policy, filter=Filter}
defrules = {} defrules = {}
for i, family in ipairs({'ip4', 'ip6'}) do for i, family in ipairs({'inet', 'inet6'}) do
for i, target in ipairs({'DROP', 'REJECT'}) do for i, target in ipairs({'DROP', 'REJECT'}) do
for i, opts in ipairs({'-m limit --limit 1/second -j LOG', '-j '..target}) do for i, opts in ipairs({'-m limit --limit 1/second -j LOG', '-j '..target}) do
table.insert(defrules, table.insert(defrules,
......
...@@ -34,7 +34,7 @@ end ...@@ -34,7 +34,7 @@ end
function NATRule:trules() function NATRule:trules()
local res = {} local res = {}
for i, ofrags in ipairs(model.Rule.trules(self)) do for i, ofrags in ipairs(model.Rule.trules(self)) do
if ofrags.family == 'ip4' then table.insert(res, ofrags) end if ofrags.family == 'inet' then table.insert(res, ofrags) end
end end
return res return res
end end
...@@ -77,7 +77,7 @@ end ...@@ -77,7 +77,7 @@ end
classmap = {dnat=DNATRule, snat=SNATRule} classmap = {dnat=DNATRule, snat=SNATRule}
-- TODO configuration of the ipset via JSON config -- TODO configuration of the ipset via JSON config
defrules = {{family='ip4', table='nat', chain='POSTROUTING', defrules = {{family='inet', table='nat', chain='POSTROUTING',
opts='-m set --match-set awall-masquerade src -j awall-masquerade'}, opts='-m set --match-set awall-masquerade src -j awall-masquerade'},
{family='ip4', table='nat', chain='awall-masquerade', {family='inet', table='nat', chain='awall-masquerade',
opts='-m set ! --match-set awall-masquerade dst -j MASQUERADE'}} opts='-m set ! --match-set awall-masquerade dst -j MASQUERADE'}}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment