Commit a58b2bc8 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

early detection of missing kernel support

parent 9c932a74
......@@ -152,6 +152,7 @@ end
uerror = require('awall.uerror')
call = uerror.call
raise = uerror.raise
if not call(
function()
......@@ -194,7 +195,7 @@ if not call(
repeat
local name = arg[opind]
local policy = policyset.policies[name]
if not policy then uerror.raise('No such policy: '..name) end
if not policy then raise('No such policy: '..name) end
policy[mode](policy)
opind = opind + 1
until opind > #arg
......@@ -320,6 +321,10 @@ if not call(
elseif mode == 'activate' then
if not iptables.isenabled() then
raise('Firewall not enabled in kernel')
end
iptables.backup()
local pid, interrupted
......
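Review bot: The new guard in the `activate` branch passes as soon as one address family has kernel support, so activation still proceeds when another family is missing. `iptables.isenabled()` is defined in this commit as `#actfamilies() > 0`, and a family without its proc file only produces the `Warning: firewall not enabled for ...` message, so a host can end up with rules loaded for one protocol and none for the other while the command succeeds. If that is intended, a comment above the check would say so, e.g. `-- passes if at least one family is usable; missing families only produce a warning`; otherwise consider failing activation unless the operator explicitly accepts partial coverage. The enclosing `call(function() ... end)` block starts and ends outside this hunk.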
--[[
Iptables file dumper for Alpine Wall
Copyright (C) 2012-2016 Kaarle Ritvanen
Copyright (C) 2012-2019 Kaarle Ritvanen
See LICENSE file for license details
]]--
local class = require('awall.class')
local ACTIVE = require('awall.family').ACTIVE
local raise = require('awall.uerror').raise
local util = require('awall.util')
......@@ -13,8 +14,8 @@ local printmsg = util.printmsg
local sortedkeys = util.sortedkeys
local mkdir = require('posix').mkdir
local lpc = require('lpc')
local posix = require('posix')
local M = {}
......@@ -37,6 +38,21 @@ M.builtin = {
local backupdir = '/var/run/awall'
local _actfamilies
local function actfamilies()
if _actfamilies then return _actfamilies end
_actfamilies = {}
for _, family in ipairs(ACTIVE) do
if posix.stat(families[family].procfile) then
table.insert(_actfamilies, family)
else printmsg('Warning: firewall not enabled for '..family) end
end
return _actfamilies
end
function M.isenabled() return #actfamilies() > 0 end
local BaseIPTables = class()
function BaseIPTables:print()
......@@ -55,27 +71,15 @@ function BaseIPTables:dump(dir)
end
function BaseIPTables:restore(test)
local disabled = true
for family, params in pairs(families) do
local file = io.open(params.procfile)
if file then
io.close(file)
local pid, stdin, stdout = lpc.run(
params.cmd..'-restore', table.unpack{test and '-t' or nil}
)
stdout:close()
self:dumpfile(family, stdin)
stdin:close()
assert(lpc.wait(pid) == 0)
disabled = false
elseif test then printmsg('Warning: '..family..' rules not tested') end
for _, family in ipairs(actfamilies()) do
local pid, stdin, stdout = lpc.run(
families[family].cmd..'-restore', table.unpack{test and '-t' or nil}
)
stdout:close()
self:dumpfile(family, stdin)
stdin:close()
assert(lpc.wait(pid) == 0)
end
if disabled then raise('Firewall not enabled in kernel') end
end
function BaseIPTables:activate()
......@@ -142,7 +146,7 @@ end
function M.backup()
mkdir(backupdir)
posix.mkdir(backupdir)
Current():dump(backupdir)
end
......
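Review bot: `BaseIPTables:restore` no longer fails when no family is enabled: with the `disabled` flag and the final `raise` removed, an empty `actfamilies()` result turns the loop into a no-op and the method returns normally. The only replacement check visible in this commit is in the CLI's `activate` branch, so any other path that reaches `restore` (the `test` parameter suggests a verification path exists outside the shown hunks) would report success without running a single `-restore` command. Keeping a guard at the top of the method closes that gap: `if not M.isenabled() then raise('Firewall not enabled in kernel') end`. Separately, `actfamilies()` caches its result in `_actfamilies` for the life of the process, which deserves a one-line comment because kernel support that appears later is not picked up.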