ea47a4aa
Commit
ea47a4aa
authored
Aug 16, 2012
by
Kaarle Ritvanen
remove rule type-specific handling of zones and chains
parent
d44d633a
Showing
6 changed files
with
74 additions
and
49 deletions
+74
-49
awall/iptables.lua
awall/iptables.lua
+5
-6
awall/model.lua
awall/model.lua
+54
-30
awall/modules/clampmss.lua
awall/modules/clampmss.lua
+1
-3
awall/modules/mark.lua
awall/modules/mark.lua
+1
-1
awall/modules/nat.lua
awall/modules/nat.lua
+11
-7
awall/modules/notrack.lua
awall/modules/notrack.lua
+2
-2
awall/iptables.lua
@@ -22,12 +22,11 @@ local families = {inet={cmd='iptables',
file
=
'rules6-save'
,
procfile
=
'/proc/net/ip6_tables_names'
}}
local
builtin
=
{
filter
=
{
'FORWARD'
,
'INPUT'
,
'OUTPUT'
},
mangle
=
{
'FORWARD'
,
'INPUT'
,
'OUTPUT'
,
'POSTROUTING'
,
'PREROUTING'
},
nat
=
{
'INPUT'
,
'OUTPUT'
,
'POSTROUTING'
,
'PREROUTING'
},
raw
=
{
'OUTPUT'
,
'PREROUTING'
},
security
=
{
'FORWARD'
,
'INPUT'
,
'OUTPUT'
}}
builtin
=
{
filter
=
{
'FORWARD'
,
'INPUT'
,
'OUTPUT'
},
mangle
=
{
'FORWARD'
,
'INPUT'
,
'OUTPUT'
,
'POSTROUTING'
,
'PREROUTING'
},
nat
=
{
'INPUT'
,
'OUTPUT'
,
'POSTROUTING'
,
'PREROUTING'
},
raw
=
{
'OUTPUT'
,
'PREROUTING'
},
security
=
{
'FORWARD'
,
'INPUT'
,
'OUTPUT'
}}
local
backupdir
=
'/var/run/awall'
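Review bot: Dropping `local` from `builtin` publishes it as a module field without any comment saying so, while the model.lua hunk in this commit now reads `awall.iptables.builtin[tbl]` inside `Rule:trules`. Under `module(..., package.seeall)` (visible in the model.lua and nat.lua hunk headers, presumably also at the top of this file) the bare assignment does land in the module table, but an unqualified assignment reads like a forgotten `local` to the next maintainer and is exactly what a linter will flag. Add above it `-- exported: builtin chains per table; model.Rule:trules() uses this to decide which chains need remapping`, and note there that the per-table lists are what the chain remapping in model.lua relies on to terminate.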
awall/model.lua
@@ -9,9 +9,10 @@ module(..., package.seeall)
require
'awall'
require
'awall.host'
require
'awall.
util
'
require
'awall.
iptables
'
require
'awall.object'
require
'awall.optfrag'
require
'awall.util'
local
util
=
awall
.
util
local
combinations
=
awall
.
optfrag
.
combinations
@@ -118,8 +119,6 @@ function Rule:init(...)
end
end
function
Rule
:
defaultzones
()
return
{
nil
,
fwzone
}
end
function
Rule
:
zoneoptfrags
()
@@ -139,6 +138,17 @@ function Rule:zoneoptfrags()
chain
=
string.upper
(
dir
)
..
'PUT'
ofrags
=
zofs
(
z
,
dir
)
elseif
not
zin
or
not
zout
then
if
zin
then
chain
=
'PREROUTING'
ofrags
=
zofs
(
zin
,
'in'
)
elseif
zout
then
chain
=
'POSTROUTING'
ofrags
=
zofs
(
zout
,
'out'
)
end
else
chain
=
'FORWARD'
ofrags
=
combinations
(
zofs
(
zin
,
'in'
),
zofs
(
zout
,
'out'
))
@@ -152,16 +162,14 @@ function Rule:zoneoptfrags()
end
end
if
not
ofrags
then
ofrags
=
{{}}
end
for
i
,
ofrag
in
ipairs
(
ofrags
)
do
ofrag
.
fchain
=
chain
end
return
ofrags
return
combinations
(
ofrags
,
chain
and
{{
chain
=
chain
}}
or
{{
chain
=
'PREROUTING'
},
{
chain
=
'OUTPUT'
}})
end
local
res
=
{}
local
izones
=
self
[
'in'
]
or
self
:
defaultzones
()
local
ozones
=
self
.
out
or
self
:
defaultzones
()
local
izones
=
self
[
'in'
]
or
{}
local
ozones
=
self
.
out
or
{}
for
i
=
1
,
math.max
(
1
,
table
.
maxn
(
izones
))
do
for
j
=
1
,
math.max
(
1
,
table
.
maxn
(
ozones
))
do
@@ -248,8 +256,6 @@ end
function
Rule
:
table
()
return
'filter'
end
function
Rule
:
chain
()
return
nil
end
function
Rule
:
position
()
return
'append'
end
function
Rule
:
target
()
@@ -327,7 +333,6 @@ function Rule:trules()
res
=
combinations
(
res
,
self
:
servoptfrags
())
setfamilies
(
res
)
tag
(
res
,
'chain'
,
self
:
chain
())
local
addrofrags
=
combinations
(
self
:
create
(
Zone
,
{
addr
=
self
.
src
}):
optfrags
(
'in'
),
self
:
destoptfrags
())
@@ -366,7 +371,42 @@ function Rule:trules()
util
.
extend
(
res
,
ffilter
(
self
:
extraoptfrags
()))
tag
(
res
,
'table'
,
self
:
table
(),
false
)
local
tbl
=
self
:
table
()
local
function
convertchains
(
ofrags
)
local
res
=
{}
for
i
,
ofrag
in
ipairs
(
ofrags
)
do
if
util
.
contains
(
awall
.
iptables
.
builtin
[
tbl
],
ofrag
.
chain
)
then
table.insert
(
res
,
ofrag
)
else
local
chains
if
ofrag
.
chain
==
'PREROUTING'
then
chains
=
{
'FORWARD'
,
'INPUT'
}
elseif
ofrag
.
chain
==
'POSTROUTING'
then
chains
=
{
'FORWARD'
,
'OUTPUT'
}
elseif
util
.
contains
({
'INPUT'
,
'FORWARD'
},
ofrag
.
chain
)
then
chains
=
{
'PREROUTING'
}
end
if
chains
then
ofrag
.
chain
=
nil
util
.
extend
(
res
,
convertchains
(
combinations
({
ofrag
},
util
.
map
(
chains
,
function
(
c
)
return
{
chain
=
c
}
end
))))
else
table.insert
(
res
,
ofrag
)
end
end
end
return
res
end
res
=
convertchains
(
res
)
tag
(
res
,
'table'
,
tbl
,
false
)
local
function
checkzof
(
ofrag
,
dir
,
chains
)
if
ofrag
[
dir
]
and
util
.
contains
(
chains
,
ofrag
.
chain
)
then
@@ -401,21 +441,5 @@ function Rule:newchain(key)
end
ForwardOnlyRule
=
class
(
Rule
)
function
ForwardOnlyRule
:
init
(
...
)
Rule
.
init
(
self
,
unpack
(
arg
))
for
i
,
dir
in
ipairs
({
'in'
,
'out'
})
do
if
self
[
dir
]
and
util
.
contains
(
self
[
dir
],
fwzone
)
then
self
:
error
(
'Not applicable to the firewall zone'
)
end
end
end
function
ForwardOnlyRule
:
defaultzones
()
return
{
nil
}
end
function
ForwardOnlyRule
:
chain
()
return
'PREROUTING'
end
classes
=
{{
'zone'
,
Zone
}}
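Review bot: In `Rule:zoneoptfrags` the removed guard `if not ofrags then ofrags = {{}} end` has no replacement, yet the new `elseif not zin or not zout` branch assigns neither `chain` nor `ofrags` when both zones are absent (the case `izones`/`ozones` now produce with the `or {}` defaults), so the new `return combinations(ofrags, ...)` passes `nil` as its first operand. Unless `awall.optfrag.combinations` (not shown here) treats a nil left operand as the identity, a zone-less rule now raises where it previously yielded a chain-only fragment; restoring `if not ofrags then ofrags = {{}} end` in front of the `return` keeps the intent of the `{{chain='PREROUTING'}, {chain='OUTPUT'}}` fallback. In `Rule:trules`, `convertchains` terminates only because every table listed in `awall.iptables.builtin` can reach a builtin chain through the PREROUTING→FORWARD/INPUT, POSTROUTING→FORWARD/OUTPUT and INPUT/FORWARD→PREROUTING mappings, and a `table()` value that is not a key of `builtin` hands `nil` to `util.contains`; an explicit `if not awall.iptables.builtin[tbl] then self:error('Unknown table '..tostring(tbl)) end` before the conversion, plus a comment stating that reachability invariant, would make both failure modes visible instead of a stack overflow or an error inside util. Note also that `ofrag.chain = nil` mutates the fragment in place before it is recombined, which is only safe if a fragment table is never shared between entries of `res`. Both `zoneoptfrags` and `trules` extend beyond the hunks shown here.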
awall/modules/clampmss.lua
@@ -12,12 +12,10 @@ require 'awall.model'
local
model
=
awall
.
model
local
ClampMSSRule
=
model
.
class
(
model
.
ForwardOnly
Rule
)
local
ClampMSSRule
=
model
.
class
(
model
.
Rule
)
function
ClampMSSRule
:
table
()
return
'mangle'
end
function
ClampMSSRule
:
chain
()
return
'POSTROUTING'
end
function
ClampMSSRule
:
servoptfrags
()
return
{{
opts
=
'-p tcp --tcp-flags SYN,RST SYN'
}}
end
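Review bot: With `ClampMSSRule:chain()` gone, a clamp-mss rule's chain is now derived from its zones by `Rule:zoneoptfrags` (per the model.lua hunks: PREROUTING for an in-only rule, INPUT or OUTPUT when one side is the firewall zone, PREROUTING and OUTPUT for a zone-less rule), and since every one of those is builtin in the mangle table they reach the emitted rule unchanged. If the target is TCPMSS with `--clamp-mss-to-pmtu` (the target itself is outside this hunk), the kernel accepts that target only in FORWARD, OUTPUT and POSTROUTING, so those zone combinations would now fail at iptables load time instead of being rejected by awall, and the removed ForwardOnlyRule firewall-zone check no longer catches them either. A `trules` override mirroring the `params.chains` test in the nat.lua hunk keeps the error at the rule level; it uses `awall.util.contains`, so this module may also need `require 'awall.util'` next to `require 'awall.model'`.
```lua
-- Chains in which the kernel accepts TCPMSS path-MTU clamping.
local CLAMP_CHAINS = {'FORWARD', 'OUTPUT', 'POSTROUTING'}

function ClampMSSRule:trules()
   local res = {}
   for i, ofrags in ipairs(model.Rule.trules(self)) do
      if not awall.util.contains(CLAMP_CHAINS, ofrags.chain) then
         self:error('Inappropriate zone definitions for a clamp-mss rule')
      end
      table.insert(res, ofrags)
   end
   return res
end
-- … unchanged: table(), servoptfrags() …
```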
awall/modules/mark.lua
@@ -14,7 +14,7 @@ require 'awall.util'
local
model
=
awall
.
model
local
MarkRule
=
model
.
class
(
model
.
ForwardOnly
Rule
)
local
MarkRule
=
model
.
class
(
model
.
Rule
)
function
MarkRule
:
table
()
return
'mangle'
end
awall/modules/nat.lua
@@ -8,15 +8,19 @@ Licensed under the terms of GPL2
module
(
...
,
package
.
seeall
)
require
'awall.model'
require
'awall.util'
local
model
=
awall
.
model
local
NATRule
=
model
.
class
(
model
.
ForwardOnly
Rule
)
local
NATRule
=
model
.
class
(
model
.
Rule
)
function
NATRule
:
trules
()
local
res
=
{}
for
i
,
ofrags
in
ipairs
(
model
.
ForwardOnlyRule
.
trules
(
self
))
do
for
i
,
ofrags
in
ipairs
(
model
.
Rule
.
trules
(
self
))
do
if
not
awall
.
util
.
contains
(
self
.
params
.
chains
,
ofrags
.
chain
)
then
self
:
error
(
'Inappropriate zone definitions for a '
..
self
.
params
.
target
..
' rule'
)
end
if
ofrags
.
family
==
'inet'
then
table.insert
(
res
,
ofrags
)
end
end
return
res
@@ -24,10 +28,8 @@ end
function
NATRule
:
table
()
return
'nat'
end
function
NATRule
:
chain
()
return
self
.
params
.
chain
end
function
NATRule
:
target
()
if
self
.
action
then
return
model
.
ForwardOnly
Rule
.
target
(
self
)
end
if
self
.
action
then
return
model
.
Rule
.
target
(
self
)
end
local
target
if
self
[
'ip-range'
]
then
@@ -44,7 +46,8 @@ local DNATRule = model.class(NATRule)
function
DNATRule
:
init
(
...
)
NATRule
.
init
(
self
,
unpack
(
arg
))
self
.
params
=
{
forbidif
=
'out'
,
subject
=
'destination'
,
chain
=
'PREROUTING'
,
target
=
'DNAT'
,
deftarget
=
'REDIRECT'
}
chains
=
{
'INPUT'
,
'PREROUTING'
},
target
=
'DNAT'
,
deftarget
=
'REDIRECT'
}
end
@@ -53,7 +56,8 @@ local SNATRule = model.class(NATRule)
function
SNATRule
:
init
(
...
)
NATRule
.
init
(
self
,
unpack
(
arg
))
self
.
params
=
{
forbidif
=
'in'
,
subject
=
'source'
,
chain
=
'POSTROUTING'
,
target
=
'SNAT'
,
deftarget
=
'MASQUERADE'
}
chains
=
{
'OUTPUT'
,
'POSTROUTING'
},
target
=
'SNAT'
,
deftarget
=
'MASQUERADE'
}
end
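Review bot: The `chains` lists added in `DNATRule:init` and `SNATRule:init` are now the only validation of where a NAT rule may land (the `params.chains` test in `NATRule:trules` replaces ForwardOnlyRule's firewall-zone check), but they carry no comment explaining the pairing, and at face value they run against iptables' own rules: the kernel accepts DNAT only in nat PREROUTING and OUTPUT and SNAT only in nat POSTROUTING and INPUT, whereas these lists admit INPUT for DNAT and OUTPUT for SNAT. If INPUT and OUTPUT here are awall's zone-derived names (as `string.upper(dir)..'PUT'` in the model.lua hunk suggests) that are remapped before emission, a comment such as `-- chains: zone-derived chain names this rule may be generated into, before any remapping` would stop the next reader from "fixing" them; if they are emitted as-is, the `'Inappropriate zone definitions'` check accepts rules the kernel will refuse and the lists need to be verified against an actual load. Either way the error in `NATRule:trules` should name the offending chain, e.g. `self:error('Inappropriate zone definitions for a '..self.params.target..' rule (chain '..tostring(ofrags.chain)..')')`, since the user otherwise has no hint which zone combination was rejected. `NATRule:target` continues past its hunk.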
awall/modules/notrack.lua
@@ -12,12 +12,12 @@ require 'awall.model'
local
model
=
awall
.
model
local
NoTrackRule
=
model
.
class
(
model
.
ForwardOnly
Rule
)
local
NoTrackRule
=
model
.
class
(
model
.
Rule
)
function
NoTrackRule
:
table
()
return
'raw'
end
function
NoTrackRule
:
target
()
if
self
.
action
then
return
model
.
ForwardOnly
Rule
.
target
(
self
)
end
if
self
.
action
then
return
model
.
Rule
.
target
(
self
)
end
return
'NOTRACK'
end