Commit 08529e3f authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

Rule: trule filtering and amendment

parent ad7909da
......@@ -590,11 +590,19 @@ function M.Rule:trules()
checkzof(ofrag, 'out', {'INPUT', 'PREROUTING'})
end
return combinations(ofrags, ffilter({{family='inet'}, {family='inet6'}}))
ofrags = filter(
combinations(ofrags, ffilter({{family='inet'}, {family='inet6'}})),
function(r) return self:trulefilter(r) end
)
return extend(ofrags, self:extratrules(ofrags))
end
function M.Rule:extraoptfrags() return {} end
function M.Rule:trulefilter(rule) return true end
function M.Rule:extratrules(rules) return {} end
function M.Rule:extrarules(label, cls, options)
local params = {}
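Review bot: The two new hooks on `M.Rule`, `trulefilter` and `extratrules`, carry no comment stating their contract, which matters in a firewall generator because a `trulefilter` that returns false drops a candidate rule with no diagnostic. A short comment above the defaults would help, for example `-- trulefilter(rule): return true to keep the rule; anything else drops it silently` and `-- extratrules(rules): return a list of additional rules to add to the filtered ones`. The comment should also say whether a filter may raise, since `NATRule:trulefilter` later in this commit calls `self:error` from inside the predicate. `M.Rule:trules` begins above this hunk and `M.Rule:extrarules` continues below it.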
......
--[[
Packet classification module for Alpine Wall
Copyright (C) 2012-2015 Kaarle Ritvanen
Copyright (C) 2012-2016 Kaarle Ritvanen
See LICENSE file for license details
]]--
......@@ -22,17 +22,10 @@ function ClassificationRule:target()
return 'DSCP --set-dscp-class '..self.class
end
function ClassificationRule:trules()
local res = ClassificationRule.super(self):trules()
if not self.reverse then
extend(
res,
self:extrarules(
'reply', 'classify', {attrs='class', update={reverse=true}}
)
)
end
return res
function ClassificationRule:extratrules(rules)
return not self.reverse and self:extrarules(
'reply', 'classify', {attrs='class', update={reverse=true}}
)
end
return {export={classify={class=ClassificationRule}}}
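Review bot: `ClassificationRule:extratrules` returns `false` rather than a list when `self.reverse` is set, because `not self.reverse and ...` short-circuits to the boolean, while the base default in `M.Rule` returns `{}`. The value is passed straight to `extend(ofrags, ...)` in `M.Rule:trules`, so this is safe only if `extend` tolerates a non-table second argument, which this page does not show. An explicit empty list keeps the hook's return type uniform: `if self.reverse then return {} end`, followed by `return self:extrarules('reply', 'classify', {attrs='class', update={reverse=true}})`.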
......@@ -86,6 +86,11 @@ end
local TranslatingRule = class(Rule)
function TranslatingRule:init(...)
TranslatingRule.super(self):init(...)
if type(self.dnat) == 'string' then self.dnat = {addr=self.dnat} end
end
function TranslatingRule:destoptfrags()
local ofrags = TranslatingRule.super(self):destoptfrags()
if not self.dnat then return ofrags end
......@@ -208,7 +213,7 @@ function Filter:init(...)
end
end
function Filter:trules()
function Filter:extratrules()
local res = {}
local function extrarules(label, cls, options)
......@@ -228,7 +233,6 @@ function Filter:trules()
self:error('dnat and ipset options cannot be used simultaneously')
end
if type(self.dnat) == 'string' then self.dnat = {addr=self.dnat} end
if self.dnat.addr:find('/') then
self:error('DNAT target cannot be a network address')
end
......@@ -262,8 +266,6 @@ function Filter:trules()
extrarules('no-track', 'no-track')
end
extend(res, Filter.super(self):trules())
if self.action == 'accept' then
if self:position() == 'prepend' then
extrarules('final', LoggingRule, {update={log=self.log}})
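Review bot: Turning `Filter:trules` into `Filter:extratrules` appears to change the order of the generated list. The old body put the rules collected before `extend(res, Filter.super(self):trules())` (for example `no-track`) ahead of the base rules, whereas `M.Rule:trules` now places every extra rule after them. If any of those extras can land in the same table and chain as the base rules, evaluation order in the resulting ruleset changes, so this is worth confirming and recording with a comment such as `-- extra rules are emitted after the base rules; none may depend on preceding them`. `Filter:extratrules()` also omits the `rules` parameter that the base hook declares; this is harmless in Lua, but declaring it keeps the signatures parallel. The function body starts and ends outside the visible hunks.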
......
--[[
NAT module for Alpine Wall
Copyright (C) 2012-2015 Kaarle Ritvanen
Copyright (C) 2012-2016 Kaarle Ritvanen
See LICENSE file for license details
]]--
......@@ -25,15 +25,13 @@ function NATRule:init(...)
end
end
function NATRule:trules()
local res = {}
for i, ofrags in ipairs(NATRule.super(self):trules()) do
if not contains(self.params.chains, ofrags.chain) then
self:error('Inappropriate zone definitions for a '..self.params.target..' rule')
end
if ofrags.family == 'inet' then table.insert(res, ofrags) end
function NATRule:trulefilter(rule)
if not contains(self.params.chains, rule.chain) then
self:error(
'Inappropriate zone definitions for a '..self.params.target..' rule'
)
end
return res
return rule.family == 'inet'
end
function NATRule:table() return 'nat' end
......
......@@ -10,13 +10,7 @@ local model = require('awall.model')
local TTLRule = model.class(model.Rule)
function TTLRule:trules()
local res = {}
for _, rule in ipairs(TTLRule.super(self):trules()) do
if rule.family == 'inet' then table.insert(res, rule) end
end
return res
end
function TTLRule:trulefilter(rule) return rule.family == 'inet' end
function TTLRule:table() return 'mangle' end
......