IPSet support in Awall: family option not supported.
I’m trying to use ipset with awall.
This is the JSON I’m using:
```json
{
  "description": "Mac Filtering on No-DHCP Interface",
  "import": "bsna-resnet-base",
  "ipset": {
    "netnodhcp": {
      "type": "bitmap:ip,mac",
      "range": "172.17.48.0/22",
      "family": "inet"
    }
  },
  "filter": [
    {
      "in": "D601",
      "ipset": { "name": "netnodhcp", "args": "in" },
      "out": "E",
      "action": "accept"
    }
  ]
}
```
Applying this rule with awall activate, I got this error:
```
ipset v6.14: Unknown argument: `family'
Try `ipset help' for more information.
ipset creation failed: netnodhcpWarning: inet6 rules not tested
New firewall configuration activated
```
The problem seems to exist because the ipset command receives “family” as an argument, which ipset does not handle.
I found that it works with the following patch, substituting the “family” option with “range”:
—- ./usr/share/lua/5.1/awall/ipset.lua
<span class="underline"></span>+ ipset.lua
@@ –17,7 +17,8 @@
local ipset = self.config\[name\]
if not ipset.type then ipset:error(‘Type not defined’) end
if not ipset.family then ipset:error(‘Family not defined’) end
- return {ipset.type, ‘family’, ipset.family}
+ return {ipset.type, ‘range’, ipset.range }
+— return {ipset.type, ‘family’, ipset.family}
end
function IPSet:dumpfile(name, ipsfile)
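Review bot: In options(), the new return passes 'range' for every set type while the guard just above it still requires ipset.family and nothing checks ipset.range, so a hash set loses its family option and a set defined without range puts nil into the ipset create arguments. Choose the option from ipset.type (range for bitmap types, family for hash types) and validate the field that is actually used. The commented-out old return should be deleted rather than kept in the file.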
@@ –28,10 +29,9 @@
function IPSet:create()
for name, ipset in pairs(self.config) do
\- local pid = lpc.run(‘ipset’, ‘-!’, ‘create’, name,
\- unpack(self:options(name)))
+ local pid = lpc.run(‘ipset’, ‘-!’, ‘create’, name,
unpack(self:options(name)))
if lpc.wait(pid) ~= 0 then
- io.stderr:write(‘ipset creation failed: ’..name)
+ io.stderr:write(‘ipset creation failed: ’..name)
end
end
end
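Review bot: The - and + lines in IPSet:create() differ only in whitespace, so they add noise to the patch and should be dropped from it. If this function is touched anyway, the message written on failure has no trailing newline, which is why the output above shows "netnodhcpWarning" run together; append '\n' to it, and consider whether activation should continue after a failed create, since the log still ends with "New firewall configuration activated".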
I’d like to know your opinion in this regard.
Thanks.
(from redmine: issue id 1535, created on 2013-01-07, closed on 2013-02-08)
- Changesets:
- Revision a7c8d071 by Kaarle Ritvanen on 2013-01-18T18:19:43Z:
properly support ipset types other than hashes
move ipset config object handling to model.lua
fixes #1535
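A type-aware way to build the `ipset create` arguments, as an added example that is not awall's code and not the fix from revision a7c8d071: bitmap sets get `range`, hash sets get `family`. The function name `create_args` and the sample sets other than `netnodhcp` are assumptions made for illustration; `list:set` is not handled here.

```lua
-- Added example (not awall's code). Builds the argument list for
-- `ipset create` from a config entry shaped like the JSON in the report.
local function create_args(name, set)
   if type(set.type) ~= 'string' then
      error(name .. ': type not defined', 0)
   end
   -- The part before the first ':' is the storage method (bitmap, hash, ...).
   local method = set.type:match('^(%a+):')
   if not method then
      error(name .. ': malformed type ' .. set.type, 0)
   end

   local args = {'-!', 'create', name, set.type}
   if method == 'bitmap' then
      -- bitmap sets need a range and reject 'family' (the error in the report)
      if type(set.range) ~= 'string' then
         error(name .. ': range not defined', 0)
      end
      args[#args + 1] = 'range'
      args[#args + 1] = set.range
   elseif method == 'hash' then
      if set.family ~= 'inet' and set.family ~= 'inet6' then
         error(name .. ': family must be inet or inet6', 0)
      end
      args[#args + 1] = 'family'
      args[#args + 1] = set.family
   else
      error(name .. ': unsupported set type ' .. set.type, 0)
   end
   return args
end

-- Sample input. netnodhcp is the set from the report; the others are constructed.
local sets = {
   {'netnodhcp', {type = 'bitmap:ip,mac', range = '172.17.48.0/22', family = 'inet'}},
   {'constructed_hash', {type = 'hash:ip', family = 'inet'}},
   {'constructed_bad', {type = 'bitmap:ip'}},   -- range missing on purpose
}

for _, entry in ipairs(sets) do
   local name, set = entry[1], entry[2]
   local ok, res = pcall(create_args, name, set)
   if ok then
      print('ipset ' .. table.concat(res, ' '))
   else
      io.stderr:write('rejected: ' .. res .. '\n')
   end
end
```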