Commit 0ae7ea31 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

generate separate file for each ipset

do not overwrite existing ipset files
parent fef090cc
......@@ -89,9 +89,7 @@ opts, opind = alt_getopt.get_opts(arg, short_opts, long_opts)
for switch, value in pairs(opts) do
if switch == 'f' then force = true
elseif switch == 'V' then verify = true
elseif switch == 'o' then
iptdir = value
ipsfile = value..'/ipset'
elseif switch == 'o' then outputdir = value
else table.insert(params[switch], value) end
end
......@@ -192,7 +190,7 @@ if mode == 'dump' then
elseif mode == 'translate' then
if verify then config:test() end
config:dump(iptdir, ipsfile)
config:dump(outputdir)
elseif mode == 'activate' then
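Review bot: The new `-o` branch assigns `outputdir = value` as a bare name; unless `outputdir` is declared `local` next to `force`/`verify` above this loop (outside the hunk), the option now writes a global, and the old `iptdir`/`ipsfile` declarations, if they remain there, are dead after this change and should be removed with it. Since `-o` now names one directory for both the ipset files and the iptables dump (see `config:dump(outputdir)` in the second hunk), the usage text for `-o` should say so if it is not updated elsewhere in this commit. The `if mode == ...` dispatch in the second hunk starts and ends outside the hunk.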
......@@ -138,9 +138,9 @@ function Config:print()
self.iptables:print()
end
function Config:dump(iptdir, ipsfile)
self.ipset:dump(ipsfile or '/etc/ipset.d/awall')
self.iptables:dump(iptdir or '/etc/iptables')
function Config:dump(dir)
self.ipset:dump(dir or '/etc/ipset.d')
self.iptables:dump(dir or '/etc/iptables')
end
function Config:test()
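Review bot: Config:dump is undocumented although its contract changed: both dumps now take the single `dir` argument while their defaults stay separate (`/etc/ipset.d` versus `/etc/iptables`), so a caller that passes a directory gets the per-ipset files and the iptables dump side by side in it. A comment above the function would make that explicit, e.g. `-- dir: output directory for both the per-ipset files and the iptables dump; when nil, each falls back to its own default location`. If iptables:dump writes fixed file names into that same directory, an ipset carrying one of those names would be silently skipped (IPSet:dump never overwrites an existing file), which is worth a sentence in the same comment if it applies.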
......@@ -8,42 +8,50 @@ Licensed under the terms of GPL2
module(..., package.seeall)
require 'awall.object'
require 'awall.util'
IPSet = awall.object.class(awall.object.Object)
function IPSet:init(config) self.config = config end
function IPSet:init(config) self.config = config or {} end
function IPSet:commands()
local res = {'# ipset file generated by awall\n'}
if self.config then
for name, ipset in pairs(self.config) do
if not ipset.type then ipset:error('Type not defined') end
if not ipset.family then ipset:error('Family not defined') end
table.insert(res,
'create '..name..' '..ipset.type..' family '..ipset.family..'\n')
end
end
return res
function IPSet:options(name)
local ipset = self.config[name]
if not ipset.type then ipset:error('Type not defined') end
if not ipset.family then ipset:error('Family not defined') end
return {ipset.type, 'family', ipset.family}
end
function IPSet:dumpfile(name, ipsfile)
ipsfile:write('# ipset '..name..'\n')
ipsfile:write(awall.util.join(self:options(name), ' '))
ipsfile:write('\n')
end
function IPSet:create()
for i, line in ipairs(self:commands()) do
local pid, stdin = lpc.run('ipset', '-!', 'restore')
stdin:write(line)
stdin:close()
for name, ipset in pairs(self.config) do
local pid = lpc.run('ipset', '-!', 'create', name,
unpack(self:options(name)))
if lpc.wait(pid) ~= 0 then
io.stderr:write('ipset command failed: '..line)
io.stderr:write('ipset creation failed: '..name)
end
end
end
function IPSet:print(file)
if not file then file = io.stdout end
for i, line in ipairs(self:commands()) do file:write(line) end
function IPSet:print()
for name, ipset in pairs(self.config) do
self:dumpfile(name, io.stdout)
io.stdout:write('\n')
end
end
function IPSet:dump(ipsfile)
local file = io.output(ipsfile)
self:print(file)
file:close()
function IPSet:dump(ipsdir)
for name, ipset in pairs(self.config) do
local fname = ipsdir..'/'..name
local file = io.open(fname)
if not file then
file = io.open(fname, 'w')
self:dumpfile(name, file)
end
file:close()
end
end
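Review bot: The write-mode open in IPSet:dump, `file = io.open(fname, 'w')`, is unchecked, so when `ipsdir` does not exist or is not writable `file` is nil and the failure surfaces as an "attempt to index a nil value" inside dumpfile instead of the real cause; `file = assert(io.open(fname, 'w'))` reports the path and the OS error. In IPSet:create the message `'ipset creation failed: '..name` has lost the trailing newline that the old `line` value carried, so consecutive failures run together on stderr; use `io.stderr:write('ipset creation failed: '..name..'\n')`. `name` is also used unvalidated as a path component in `ipsdir..'/'..name`; if ipset names are not restricted elsewhere, rejecting a name containing '/' in IPSet:options next to the existing type and family checks (via `ipset:error`) would keep every generated file inside `ipsdir`. The unused loop variable `ipset` in print and dump would conventionally be `_`.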