Commit a7c8d071 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

properly support ipset types other than hashes

move ipset config object handling to model.lua
fixes #1535
parent 9635c871
--[[
Alpine Wall main module
Copyright (C) 2012 Kaarle Ritvanen
Copyright (C) 2012-2013 Kaarle Ritvanen
Licensed under the terms of GPL2
]]--
......@@ -76,17 +76,6 @@ function Config:init(policyconfig)
self.objects = policyconfig:expand()
self.iptables = iptables.IPTables.new()
local function morph(path, cls)
local objs = self.objects[path]
if objs then
for k, v in pairs(objs) do
objs[k] = cls.morph(v,
self,
path..' '..k..' ('..policyconfig.source[path][k]..')')
end
end
end
local acfrags = {}
local function insertrules(trules)
......@@ -115,7 +104,18 @@ function Config:init(policyconfig)
end
end
for i, path in ipairs(procorder) do morph(path, classmap[path]) end
for i, path in ipairs(procorder) do
local objs = self.objects[path]
if objs then
for k, v in pairs(objs) do
objs[k] = classmap[path].morph(
v,
self,
path..' '..k..' ('..policyconfig.source[path][k]..')'
)
end
end
end
insertdefrules('pre')
......@@ -132,7 +132,6 @@ function Config:init(policyconfig)
for k, v in pairs(acfrags) do table.insert(ofrags, v) end
insertrules(optfrag.combinations(achains, ofrags))
morph('ipset', awall.model.ConfigObject)
self.ipset = ipset.IPSet.new(self.objects.ipset)
end
......
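Review bot: The inlined loop starting at `for i, path in ipairs(procorder) do` has no comment saying that it is now the only place where ipset entries are turned into model objects, which the ipset dumper relies on because it reads `.options` from each entry. I would add `-- morph raw config tables into model objects in procorder; ipset entries get .options here, which ipset.IPSet reads` above the loop. The index `i` is unused and could be written `_`. Whether `classmap` has an entry for every path in `procorder` is decided outside the hunk, so I cannot tell if `classmap[path].morph` can hit a nil; Config:init starts and ends outside the visible lines.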
--[[
Ipset file dumper for Alpine Wall
Copyright (C) 2012 Kaarle Ritvanen
Copyright (C) 2012-2013 Kaarle Ritvanen
Licensed under the terms of GPL2
]]--
......@@ -13,23 +13,16 @@ IPSet = awall.object.class()
function IPSet:init(config) self.config = config or {} end
function IPSet:options(name)
local ipset = self.config[name]
if not ipset.type then ipset:error('Type not defined') end
if not ipset.family then ipset:error('Family not defined') end
return {ipset.type, 'family', ipset.family}
end
function IPSet:dumpfile(name, ipsfile)
ipsfile:write('# ipset '..name..'\n')
ipsfile:write(table.concat(self:options(name), ' '))
ipsfile:write(table.concat(self.config[name].options, ' '))
ipsfile:write('\n')
end
function IPSet:create()
for name, ipset in pairs(self.config) do
local pid = lpc.run('ipset', '-!', 'create', name,
unpack(self:options(name)))
unpack(ipset.options))
if lpc.wait(pid) ~= 0 then
io.stderr:write('ipset creation failed: '..name)
end
......
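Review bot: A failed `ipset create` in `IPSet:create` is only reported on stderr, without a trailing newline, and the loop carries on, so a set that ipset rejects may be missing when the rules that reference it are loaded. With the options now taken straight from `ipset.options`, ipset itself is the first external check on a range or family value, which makes this path more likely to be hit. I would write `io.stderr:write('ipset creation failed: '..name..'\n')` and record the failure so the caller can abort activation instead of applying a partial policy. The rest of the function is outside the hunk, so it may already propagate the error.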
--[[
Base data model for Alpine Wall
Copyright (C) 2012 Kaarle Ritvanen
Copyright (C) 2012-2013 Kaarle Ritvanen
Licensed under the terms of GPL2
]]--
......@@ -19,8 +19,10 @@ local combinations = awall.optfrag.combinations
class = awall.object.class
require 'stringy'
ConfigObject = class()
local ConfigObject = class()
function ConfigObject:init(context, location)
if context then
......@@ -95,6 +97,28 @@ end
fwzone = Zone.new()
IPSet = class(ConfigObject)
function IPSet:init(...)
ConfigObject.init(self, unpack(arg))
if not self.type then self:error('Type not defined') end
if stringy.startswith(self.type, 'bitmap:') then
if not self.range then self:error('Range not defined') end
self.options = {self.type, 'range', self.range}
self.family = 'inet'
elseif stringy.startswith(self.type, 'hash:') then
if not self.family then self:error('Family not defined') end
self.options = {self.type, 'family', self.family}
elseif self.type == 'list:set' then self.options = {self.type}
else self:error('Invalid type: '..self.type) end
end
Rule = class(ConfigObject)
......@@ -455,5 +479,5 @@ function Rule:newchain(key)
end
classes = {{'zone', Zone}}
classes = {{'zone', Zone}, {'ipset', IPSet}}
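Review bot: The new `IPSet:init` validates `self.type` by prefix only, and `self.family` and `self.range` are copied into `self.options` unchecked; the dumper then joins those values with spaces into the ipset file and passes them as arguments to `ipset create`. A value containing whitespace or a newline would therefore become extra tokens or lines, and a non-string `type` would fail inside `stringy.startswith` rather than through `self:error`. I would check the shape before branching, for example `if type(self.type) ~= 'string' or not self.type:match('^%l+:[%l,]+$') then self:error('Invalid type') end`, and accept only `inet` or `inet6` for `family`. Separately, `unpack(arg)` relies on the implicit `arg` vararg table, so `ConfigObject.init(self, ...)` would be the more portable spelling.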