Commit b8b655ec authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

custom chains

parent 5733f48e
......@@ -11,7 +11,10 @@ local class = require('awall.class')
local resolve = require('awall.dependency')
local IPSet = require('awall.ipset')
local IPTables = require('awall.iptables').IPTables
local optfrag = require('awall.optfrag')
local combinations = optfrag.combinations
M.PolicySet = require('awall.policy')
local util = require('awall.util')
......@@ -21,7 +24,7 @@ local extend = util.extend
local posix = require('posix')
local chdir = posix.chdir
local endswith = require('stringy').endswith
local stringy = require('stringy')
local events
......@@ -82,7 +85,7 @@ function M.Config:init(policyconfig)
local actions = {}
local function insertrules(trules)
local function insertrules(trules, obj)
for i, trule in ipairs(trules) do
local t = self.iptables.config[trule.family][trule.table][trule.chain]
local opts = optfrag.command(trule)
......@@ -96,7 +99,19 @@ function M.Config:init(policyconfig)
local key = optfrag.location(acfrag)
if not actions[key] then
actions[key] = true
insertrules(optfrag.combinations(achains, {acfrag}))
if stringy.startswith(trule.target, 'custom:') then
local name = trule.target:sub(8, -1)
local rules = (self.objects.custom or {})[name]
if not rules then
obj:error('Invalid custom chain: '..name)
end
insertrules(
combinations(
{{chain=trule.target}}, util.list(rules), {acfrag}
),
rules
)
else insertrules(combinations(achains, {acfrag})) end
end
end
......@@ -135,7 +150,7 @@ function M.Config:init(policyconfig)
end
elseif self.objects[event] then
for i, rule in ipairs(self.objects[event]) do
insertrules(rule:trules())
insertrules(rule:trules(), rule)
end
end
end
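Review bot: In the `custom:` branch the chain name is accepted on the sole condition that it is a key of `self.objects.custom`, and the full `trule.target` string then becomes the chain name in `{{chain=trule.target}}`. Nothing visible in these hunks restricts the characters or length of that name before it reaches the generated ruleset, so I would reject anything outside a conservative set before the lookup, for example `if not name:match('^[%w_%-]+$') then obj:error('Invalid custom chain: '..name) end`; whether an equivalent check exists elsewhere cannot be seen from here. Separately, the `else` path recurses as `insertrules(combinations(achains, {acfrag}))` without the second argument, so `obj` is nil in that call, and an unknown `custom:` target reached that way would fail on indexing nil instead of reporting the intended message. The body of `insertrules` starts and ends outside the hunks shown.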
......
......@@ -609,7 +609,9 @@ end
function M.Rule:customtarget()
if self.action then
local as = self.action:sub(1, 1)
if as == as:upper() then return self.action end
if as == as:upper() or startswith(self.action, 'custom:') then
return self.action
end
end
end
......@@ -718,6 +720,10 @@ function M.Limit:limitofrags(name)
end
M.export = {zone={class=M.Zone}, ipset={class=IPSet, before='%modules'}}
M.export = {
custom={class=M.ConfigObject},
ipset={class=IPSet, before='%modules'},
zone={class=M.Zone}
}
return M
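Review bot: The new condition in `M.Rule:customtarget` calls a bare `startswith`, but no declaration of that name is visible in the hunks for this file, and the other file in this commit reaches the same function as `stringy.startswith`. If the local is missing, Lua resolves the name as a nil global and the call fails at run time, but only for actions whose first character is lowercase, because the `or` short-circuits otherwise. If it is not already declared near the top of the file, add `local startswith = require('stringy').startswith` alongside the other requires. The literal `'custom:'` prefix is also duplicated here and in the `sub(8, -1)` offset in the other file, so a shared constant would keep the two in step.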