include/exclude actions in dnat, snat, and no-track rules

26bf38cd · Kaarle Ritvanen · b2a61c87 · 26bf38cd · 26bf38cd · 26bf38cd
Commit 26bf38cd authored Mar 31, 2014 by Kaarle Ritvanen
Hide whitespace changes
Inline Side-by-side

Showing with 25 additions and 17 deletions

model.lua awall/model.lua +10 -3

filter.lua awall/modules/filter.lua +2 -2

nat.lua awall/modules/nat.lua +11 -9

notrack.lua awall/modules/notrack.lua +2 -3

No files found.
--- a/awall/model.lua
+++ b/awall/model.lua
@@ -341,9 +341,16 @@ function Rule:table() return 'filter' end
 function Rule:position() return 'append' end

 function Rule:target()
-   if not self.action then self:error('Action not defined') end
-   if self.action == 'accept' then return 'ACCEPT' end
-   self:error('Invalid action: '..self.action)
+   -- alpine v2.7 compatibility
+   if self.action == 'accept' then
+      self:warning("'accept' action deprecated in favor of 'exclude'")
+      self.action = 'exclude'
+   end
+
+   if self.action == 'exclude' then return 'ACCEPT' end
+   if self.action and self.action ~= 'include' then
+      self:error('Invalid action: '..self.action)
+   end
 end



--- a/awall/modules/filter.lua
+++ b/awall/modules/filter.lua
@@ -176,10 +176,10 @@ end

 function Filter:actiontarget()
   if self.action == 'tarpit' then return 'tarpit' end
-   if util.contains({'drop', 'reject'}, self.action) then
+   if util.contains({'accept', 'drop', 'reject'}, self.action) then
      return string.upper(self.action)
   end
-   return model.Rule.target(self)
+   self:error('Invalid filter action: '..self.action)
 end

 function Filter:target()

--- a/awall/modules/nat.lua
+++ b/awall/modules/nat.lua
 --[[
 NAT module for Alpine Wall
-Copyright (C) 2012-2013 Kaarle Ritvanen
+Copyright (C) 2012-2014 Kaarle Ritvanen
 See LICENSE file for license details
 ]]--

@@ -41,17 +41,19 @@ end
 function NATRule:table() return 'nat' end

 function NATRule:target()
-   if self.action then return model.Rule.target(self) end
+   local target = model.Rule.target(self)

-   local addr = self['to-addr']
-   local target
-   if addr then
-      target = self.params.target..' --to-'..self.params.subject..' '..addr
-   else target = self.params.deftarget end
+   if not target then
+      local addr = self['to-addr']
+      if addr then
+	 target = self.params.target..' --to-'..self.params.subject..' '..addr
+      else target = self.params.deftarget end

-   if self['to-port'] then
-      target = target..(addr and ':' or ' --to-ports ')..self['to-port']
+      if self['to-port'] then
+	 target = target..(addr and ':' or ' --to-ports ')..self['to-port']
+      end
   end
+
   return target
 end


--- a/awall/modules/notrack.lua
+++ b/awall/modules/notrack.lua
 --[[
 Connection tracking bypass module for Alpine Wall
-Copyright (C) 2012-2013 Kaarle Ritvanen
+Copyright (C) 2012-2014 Kaarle Ritvanen
 See LICENSE file for license details
 ]]--

@@ -17,8 +17,7 @@ local NoTrackRule = model.class(model.Rule)
 function NoTrackRule:table() return 'raw' end

 function NoTrackRule:target()
-   if self.action then return model.Rule.target(self) end
-   return 'CT --notrack'
+   return model.Rule.target(self) or 'CT --notrack'
 end