authorDaniel Brooks2015-08-02 00:59:28 -0400
committerDaniel Brooks2015-08-02 00:59:28 -0400
commiteb15f06896aeb208d19f6f322905c7782125356e (patch)
tree6f28ac50e476e83b212e2827a10d4b6dee0730c9 /src/Propellor/Property/Firewall.hs
parent65b511e2d4f4ec9864167e414e76b967eda32dba (diff)
parentb7a9655a695103b3ca2e4e6edfe305f9b44d9250 (diff)
Merge branch 'joeyconfig' of git://git.kitenet.net/propellor into joeyconfig
Conflicts: src/Propellor/Property/SiteSpecific/IABak.hs
Diffstat (limited to 'src/Propellor/Property/Firewall.hs')
-rw-r--r--src/Propellor/Property/Firewall.hs24
1 files changed, 10 insertions, 14 deletions
diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs
index 66292c8b..d643b185 100644
--- a/src/Propellor/Property/Firewall.hs
+++ b/src/Propellor/Property/Firewall.hs
@@ -9,7 +9,6 @@ module Propellor.Property.Firewall (
Target(..),
Proto(..),
Rules(..),
- Port,
ConnectionState(..)
) where
@@ -18,7 +17,6 @@ import Data.Char
import Data.List
import Propellor
-import Utility.SafeCommand
import qualified Propellor.Property.Apt as Apt
import qualified Propellor.Property.Network as Network
@@ -46,8 +44,8 @@ toIpTable r = map Param $
toIpTableArg :: Rules -> [String]
toIpTableArg Everything = []
toIpTableArg (Proto proto) = ["-p", map toLower $ show proto]
-toIpTableArg (Port port) = ["--dport", show port]
-toIpTableArg (PortRange (f,t)) = ["--dport", show f ++ ":" ++ show t]
+toIpTableArg (DPort port) = ["--dport", show port]
+toIpTableArg (DPortRange (f,t)) = ["--dport", show f ++ ":" ++ show t]
toIpTableArg (IFace iface) = ["-i", iface]
toIpTableArg (Ctstate states) = ["-m", "conntrack","--ctstate", concat $ intersperse "," (map show states)]
toIpTableArg (r :- r') = toIpTableArg r <> toIpTableArg r'
@@ -56,33 +54,31 @@ data Rule = Rule
{ ruleChain :: Chain
, ruleTarget :: Target
, ruleRules :: Rules
- } deriving (Eq, Show, Read)
+ } deriving (Eq, Show)
data Chain = INPUT | OUTPUT | FORWARD
- deriving (Eq,Show,Read)
+ deriving (Eq, Show)
data Target = ACCEPT | REJECT | DROP | LOG
- deriving (Eq,Show,Read)
+ deriving (Eq, Show)
data Proto = TCP | UDP | ICMP
- deriving (Eq,Show,Read)
-
-type Port = Int
+ deriving (Eq, Show)
data ConnectionState = ESTABLISHED | RELATED | NEW | INVALID
- deriving (Eq,Show,Read)
+ deriving (Eq, Show)
data Rules
= Everything
| Proto Proto
-- ^There is actually some order dependency between proto and port so this should be a specific
-- data type with proto + ports
- | Port Port
- | PortRange (Port,Port)
+ | DPort Port
+ | DPortRange (Port,Port)
| IFace Network.Interface
| Ctstate [ ConnectionState ]
| Rules :- Rules -- ^Combine two rules
- deriving (Eq,Show,Read)
+ deriving (Eq, Show)
infixl 0 :-
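Review bot: The renamed `DPort` and `DPortRange` constructors have no Haddock of their own, and the only hint about their constraint is the comment attached to `Proto`, so a reader cannot tell that they are destination-port matches that depend on a `Proto TCP` or `Proto UDP` appearing earlier in the same `:-` chain. `toIpTableArg` (previous hunk) concatenates arguments in the order the rule is written, so a rule such as `DPort 22 :- Proto TCP` would emit `--dport 22 -p tcp`, which iptables is expected to reject, leaving the intended firewall rule unapplied. I would add `-- ^Destination port; must be preceded by 'Proto' TCP or UDP` after `DPort Port`, and `-- ^Inclusive destination port range (low, high); same ordering requirement as 'DPort'` after `DPortRange (Port,Port)`. `Port` is no longer defined or exported by this module and presumably now comes in through `import Propellor`; that definition is not visible in this diff.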