Commit 3911de11 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

streamlined sanity checking for allowed input/output interface options

parent f8da875b
......@@ -114,18 +114,13 @@ end
function Rule:defaultzones() return {nil, fwzone} end
function Rule:checkzoneoptfrag(ofrag) end
function Rule:zoneoptfrags()
local function zonepair(zin, zout)
local function zofs(zone, dir)
if not zone then return zone end
local ofrags = zone:optfrags(dir)
util.map(ofrags, function(x) self:checkzoneoptfrag(x) end)
return ofrags
return zone:optfrags(dir)
end
local chain, ofrags
......@@ -364,6 +359,17 @@ function Rule:trules()
util.extend(res, ffilter(self:extraoptfrags()))
tag(res, 'table', self:table(), false)
local function checkzof(ofrag, dir, chains)
if ofrag[dir] and util.contains(chains, ofrag.chain) then
self:error('Cannot specify '..dir..'bound interface ('..ofrag[dir]..')')
end
end
for i, ofrag in ipairs(res) do
checkzof(ofrag, 'in', {'OUTPUT', 'POSTROUTING'})
checkzof(ofrag, 'out', {'INPUT', 'PREROUTING'})
end
return combinations(res, ffilter({{family='inet'}, {family='inet6'}}))
end
......@@ -400,12 +406,6 @@ end
function ForwardOnlyRule:defaultzones() return {nil} end
function ForwardOnlyRule:checkzoneoptfrag(ofrag)
if ofrag.out then
self:error('Cannot specify outbound interface ('..ofrag.out..')')
end
end
function ForwardOnlyRule:chain() return 'PREROUTING' end
......
......@@ -14,12 +14,6 @@ local model = awall.model
local ClampMSSRule = model.class(model.ForwardOnlyRule)
function ClampMSSRule:checkzoneoptfrag(ofrag)
if ofrag['in'] then
self:error('Cannot specify inbound interface ('..ofrag['in']..')')
end
end
function ClampMSSRule:table() return 'mangle' end
function ClampMSSRule:chain() return 'POSTROUTING' end
......
......@@ -14,13 +14,6 @@ local model = awall.model
local NATRule = model.class(model.ForwardOnlyRule)
function NATRule:checkzoneoptfrag(ofrag)
local iface = ofrag[self.params.forbidif]
if iface then
self:error('Cannot specify '..self.params.forbidif..'bound interface ('..iface..')')
end
end
function NATRule:trules()
local res = {}
for i, ofrags in ipairs(model.ForwardOnlyRule.trules(self)) do
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment