Commit e4df90e6 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

show generated rules per configuration object in level 4 dump

ordered rules shown at level 5
parent 044a5efc
...@@ -60,7 +60,7 @@ List optional policies: ...@@ -60,7 +60,7 @@ List optional policies:
Dump variable and zone definitions: Dump variable and zone definitions:
awall dump [level] awall dump [level]
Verbosity level is an integer in range 0-4 and defaults to 0. Verbosity level is an integer in range 0-5 and defaults to 0.
]]) ]])
os.exit() os.exit()
...@@ -128,19 +128,27 @@ if util.contains({'disable', 'enable'}, mode) then ...@@ -128,19 +128,27 @@ if util.contains({'disable', 'enable'}, mode) then
end end
config = policyset:load() input = policyset:load()
if mode == 'dump' then if mode == 'dump' then level = 0 + (arg[opind] or 0) end
level = 0 + (arg[opind] or 0)
if mode ~= 'dump' or level > 3 then
awall.loadmodules(basedir)
config = awall.Config.new(input)
end
require 'awall.iptables'
if mode == 'dump' then
require 'json' require 'json'
expconfig = config:expand() expinput = input:expand()
function capitalize(cls) function capitalize(cls)
return string.upper(string.sub(cls, 1, 1))..string.sub(cls, 2, -1) return string.upper(string.sub(cls, 1, 1))..string.sub(cls, 2, -1)
end end
for cls, objs in pairs(config.data) do for cls, objs in pairs(input.data) do
if level > 2 or (level == 2 and cls ~= 'service') or util.contains({'variable', if level > 2 or (level == 2 and cls ~= 'service') or util.contains({'variable',
'zone'}, 'zone'},
cls) then cls) then
...@@ -148,15 +156,25 @@ if mode == 'dump' then ...@@ -148,15 +156,25 @@ if mode == 'dump' then
items = {} items = {}
for k, v in pairs(objs) do for k, v in pairs(objs) do
exp = expconfig[cls][k] exp = expinput[cls][k]
expj = json.encode(exp) expj = json.encode(exp)
src = config.source[cls][k] src = input.source[cls][k]
if level == 0 then table.insert(items, {k, expj, src}) if level == 0 then table.insert(items, {k, expj, src})
else else
table.insert(items, data = {{capitalize(cls)..' '..k, json.encode(v)},
{k, {{capitalize(cls)..' '..k, json.encode(v)}, {'('..src..')',
{'('..src..')', util.compare(exp, v) and '' or '-> '..expj}}
util.compare(exp, v) and '' or '-> '..expj}}})
if level > 3 then
obj = config.objects[cls][k]
if type(obj) == 'table' and obj.info then
util.extend(data, obj:info())
end
end
table.insert(items, {k, data})
end end
end end
table.sort(items, function(a, b) return a[1] < b[1] end) table.sort(items, function(a, b) return a[1] < b[1] end)
...@@ -170,18 +188,7 @@ if mode == 'dump' then ...@@ -170,18 +188,7 @@ if mode == 'dump' then
end end
end end
if level < 4 then os.exit() end if level > 4 then config:print() end
end
require 'awall.iptables'
awall.loadmodules(basedir)
config = awall.Config.new(config)
if mode == 'dump' then
config:print()
elseif mode == 'translate' then elseif mode == 'translate' then
if verify then config:test() end if verify then config:test() end
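Review bot: The verbosity argument is still taken unchecked at `level = 0 + (arg[opind] or 0)`: a non-numeric argument aborts with a raw arithmetic error, and values below 0 or above 5 are accepted silently although the help text now documents 0-5. Parsing with `level = tonumber(arg[opind] or 0)` and rejecting a nil or out-of-range result through the script's existing error path would make the documented range the enforced one. At level 4 and above, `config.objects[cls][k]` is indexed for every class in `input.data`; if `Config.new` creates no entry for some class (not visible here), this raises instead of skipping, and `obj = (config.objects[cls] or {})[k]` would avoid that. The names introduced here (`input`, `expinput`, `data`, `obj`) are assigned as globals; declaring them `local` would keep them from leaking into the modules loaded afterwards. The enclosing `if mode == 'dump'` chain starts and ends outside the visible hunks.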
......
...@@ -37,6 +37,16 @@ function ConfigObject:error(msg) error(self.location..': '..msg) end ...@@ -37,6 +37,16 @@ function ConfigObject:error(msg) error(self.location..': '..msg) end
function ConfigObject:trules() return {} end function ConfigObject:trules() return {} end
function ConfigObject:info()
local res = {}
for i, trule in ipairs(self:trules()) do
table.insert(res,
{' '..trule.family..'/'..trule.table..'/'..trule.chain,
trule.opts})
end
return res
end
Zone = class(ConfigObject) Zone = class(ConfigObject)
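Review bot: `ConfigObject:info()` has no comment stating what it returns, although the dump code passes its result straight to `util.extend(data, obj:info())` and so depends on the row shape. A header such as `-- Returns a list of {label, opts} rows, one per rule from self:trules(), for 'awall dump'` would pin that contract. The label expression `trule.family..'/'..trule.table..'/'..trule.chain` raises if any of the three fields is nil; whether every `trules()` implementation sets all three is not visible here, so this is worth confirming or guarding with `tostring()`. The loop index `i` is unused and could be written `_`.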
......