include/exclude actions in dnat, snat, and no-track rules

awall/model.lua

@@ -341,9 +341,16 @@ function Rule:table() return 'filter' end
 function Rule:position() return 'append' end
 
 function Rule:target()
-   if not self.action then self:error('Action not defined') end
-   if self.action == 'accept' then return 'ACCEPT' end
-   self:error('Invalid action: '..self.action)
+   -- alpine v2.7 compatibility
+   if self.action == 'accept' then
+      self:warning("'accept' action deprecated in favor of 'exclude'")
+      self.action = 'exclude'
+   end
+
+   if self.action == 'exclude' then return 'ACCEPT' end
+   if self.action and self.action ~= 'include' then
+      self:error('Invalid action: '..self.action)
+   end
 end
 
 

awall/modules/filter.lua

@@ -176,10 +176,10 @@ end
 
 function Filter:actiontarget()
    if self.action == 'tarpit' then return 'tarpit' end
-   if util.contains({'drop', 'reject'}, self.action) then
+   if util.contains({'accept', 'drop', 'reject'}, self.action) then
       return string.upper(self.action)
    end
-   return model.Rule.target(self)
+   self:error('Invalid filter action: '..self.action)
 end
 
 function Filter:target()

awall/modules/nat.lua

 --[[
 NAT module for Alpine Wall
-Copyright (C) 2012-2013 Kaarle Ritvanen
+Copyright (C) 2012-2014 Kaarle Ritvanen
 See LICENSE file for license details
 ]]--
 
@@ -41,17 +41,19 @@ end
 function NATRule:table() return 'nat' end
 
 function NATRule:target()
-   if self.action then return model.Rule.target(self) end
+   local target = model.Rule.target(self)
 
-   local addr = self['to-addr']
-   local target
-   if addr then
-      target = self.params.target..' --to-'..self.params.subject..' '..addr
-   else target = self.params.deftarget end
+   if not target then
+      local addr = self['to-addr']
+      if addr then
+	 target = self.params.target..' --to-'..self.params.subject..' '..addr
+      else target = self.params.deftarget end
 
-   if self['to-port'] then
-      target = target..(addr and ':' or ' --to-ports ')..self['to-port']
+      if self['to-port'] then
+	 target = target..(addr and ':' or ' --to-ports ')..self['to-port']
+      end
    end
+
    return target
 end
 

awall/modules/notrack.lua

 --[[
 Connection tracking bypass module for Alpine Wall
-Copyright (C) 2012-2013 Kaarle Ritvanen
+Copyright (C) 2012-2014 Kaarle Ritvanen
 See LICENSE file for license details
 ]]--
 
@@ -17,8 +17,7 @@ local NoTrackRule = model.class(model.Rule)
 function NoTrackRule:table() return 'raw' end
 
 function NoTrackRule:target()
-   if self.action then return model.Rule.target(self) end
-   return 'CT --notrack'
+   return model.Rule.target(self) or 'CT --notrack'
 end