authorJoey Hess2014-10-31 10:20:34 -0400
committerJoey Hess2014-10-31 10:20:34 -0400
commit3a1f058c64dd073e6326f8a8f1755e6892ab127a (patch)
tree5811fa693aa5cb58c00067c4beca36b577f50fd8 /src/Propellor/Property/Firewall.hs
parent63560cde90691dbd51d1bdf0b484d0ff0bc9a763 (diff)
changed indentation for consistency with the rest of propellor
Diffstat (limited to 'src/Propellor/Property/Firewall.hs')
-rw-r--r--src/Propellor/Property/Firewall.hs87
1 files changed, 46 insertions, 41 deletions
diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs
index 68e9e9f8..e1570175 100644
--- a/src/Propellor/Property/Firewall.hs
+++ b/src/Propellor/Property/Firewall.hs
@@ -2,10 +2,15 @@
--
-- Copyright 2014 Arnaud Bailly <arnaud.oqube@gmail.com>
-- License: BSD-2-Clause
-module Propellor.Property.Firewall(
- rule,
- installed,
- Chain(..),Target(..),Proto(..),Rules(..),ConnectionState(..)) where
+module Propellor.Property.Firewall (
+ rule,
+ installed,
+ Chain(..),
+ Target(..),
+ Proto(..),
+ Rules(..),
+ ConnectionState(..)
+) where
import Data.Monoid
import Data.Char
@@ -22,20 +27,21 @@ installed = Apt.installed ["iptables"]
rule :: Chain -> Target -> Rules -> Property
rule c t rs = property ("firewall rule: " <> show r) addIpTable
where
- r = Rule c t rs
- addIpTable = liftIO $ do
- let args = toIpTable r
- exist <- boolSystem "/sbin/iptables" (chk args)
- if exist then
- return NoChange
- else ifM (boolSystem "/sbin/iptables" (add args))
- ( return MadeChange , return FailedChange)
- add params = (Param "-A") : params
- chk params = (Param "-C") : params
+ r = Rule c t rs
+ addIpTable = liftIO $ do
+ let args = toIpTable r
+ exist <- boolSystem "/sbin/iptables" (chk args)
+ if exist
+ then return NoChange
+ else ifM (boolSystem "/sbin/iptables" (add args))
+ ( return MadeChange , return FailedChange)
+ add params = (Param "-A") : params
+ chk params = (Param "-C") : params
toIpTable :: Rule -> [CommandParam]
-toIpTable r = map Param ((show $ ruleChain r) :
- (toIpTableArg (ruleRules r)) ++ [ "-j" , show $ ruleTarget r ])
+toIpTable r = map Param $
+ (show $ ruleChain r) :
+ (toIpTableArg (ruleRules r)) ++ [ "-j" , show $ ruleTarget r ]
toIpTableArg :: Rules -> [String]
toIpTableArg Everything = []
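Review bot: The existence check in `rule` treats any non-zero exit from `iptables -C` as "rule absent", so a failure of the check itself (not running as root, chain not present, malformed arguments) falls straight through to `-A`; on the lines shown that only ends in `FailedChange`, but the property cannot tell the two cases apart and reports nothing about why. Since `-A` appends, the position of a rule in the chain is also not managed: if the same rule already exists in a different position the `-C` check succeeds and nothing moves, so a DROP/REJECT declared after an ACCEPT stays behind it, and ordering is entirely a consequence of property order. Both points deserve a Haddock comment on `rule`, which currently has none: `-- | Append (@-A@) the rule to the chain unless @iptables -C@ reports it present.` / `-- Position in the chain is not managed: ordering follows property order, and a` / `-- non-zero @-C@ exit (e.g. not root, chain missing) is treated as "rule absent".` The path `/sbin/iptables` is hard-coded, which presumably means IPv6 rules are out of scope for this property — worth stating in that comment too if so.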
@@ -46,41 +52,40 @@ toIpTableArg (IFace iface) = ["-i", iface]
toIpTableArg (Ctstate states) = ["-m", "conntrack","--ctstate", concat $ intersperse "," (map show states)]
toIpTableArg (r :- r') = toIpTableArg r <> toIpTableArg r'
-data Rule = Rule {
- ruleChain :: Chain
- ,ruleTarget :: Target
- ,ruleRules :: Rules
- } deriving (Eq, Show, Read)
-
+data Rule = Rule
+ { ruleChain :: Chain
+ , ruleTarget :: Target
+ , ruleRules :: Rules
+ } deriving (Eq, Show, Read)
+
data Chain = INPUT | OUTPUT | FORWARD
- deriving (Eq,Show,Read)
+ deriving (Eq,Show,Read)
data Target = ACCEPT | REJECT | DROP | LOG
- deriving (Eq,Show,Read)
+ deriving (Eq,Show,Read)
data Proto = TCP | UDP | ICMP
- deriving (Eq,Show,Read)
+ deriving (Eq,Show,Read)
type Port = Int
data ConnectionState = ESTABLISHED | RELATED | NEW | INVALID
- deriving (Eq,Show,Read)
-
-data Rules = Everything
- | Proto Proto
- -- ^There is actually some order dependency between proto and port so this should be a specific
- -- data type with proto + ports
- | Port Port
- | PortRange (Port,Port)
- | IFace Network.Interface
- | Ctstate [ ConnectionState ]
- | Rules :- Rules -- ^Combine two rules
- deriving (Eq,Show,Read)
+ deriving (Eq,Show,Read)
+
+data Rules
+ = Everything
+ | Proto Proto
+ -- ^There is actually some order dependency between proto and port so this should be a specific
+ -- data type with proto + ports
+ | Port Port
+ | PortRange (Port,Port)
+ | IFace Network.Interface
+ | Ctstate [ ConnectionState ]
+ | Rules :- Rules -- ^Combine two rules
+ deriving (Eq,Show,Read)
infixl 0 :-
instance Monoid Rules where
- mempty = Everything
- mappend = (:-)
-
-
+ mempty = Everything
+ mappend = (:-)