authorFĂ©lix Sipma2016-02-29 18:03:12 +0100
committerJoey Hess2016-03-02 15:36:57 -0400
commit140fb642e8ea3492313d3f41ef44930e1974b3f9 (patch)
tree6fd42deec69a4ad91b75fb9c440683e679914d27 /src
parent02edd1dca9b5554728201924a8ed786133b1c57d (diff)
Firewall: add TCPFlag
(cherry picked from commit f16e0e4f632032c70adcb9ba9f108e87a6ae4321)
Diffstat (limited to 'src')
-rw-r--r--src/Propellor/Property/Firewall.hs15
1 files changed, 15 insertions, 0 deletions
diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs
index 01664130..bf41cf20 100644
--- a/src/Propellor/Property/Firewall.hs
+++ b/src/Propellor/Property/Firewall.hs
@@ -70,6 +70,13 @@ toIpTableArg (RateLimit f) =
, "limit"
, "--limit", fromFrequency f
]
+toIpTableArg (TCPFlags m c) =
+ [ "-m"
+ , "tcp"
+ , "--tcp-flags"
+ , intercalate "," (map show m)
+ , intercalate "," (map show c)
+ ]
toIpTableArg (Source ipwm) =
[ "-s"
, intercalate "," (map fromIPWithMask ipwm)
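Review bot: The new `TCPFlags` equation renders both lists with `intercalate "," (map show ...)` and validates neither, so an empty mask or comparison list puts an empty string after `--tcp-flags`, which iptables is likely to reject, leaving the rule uninstalled. A comparison list that names a flag missing from the mask is also accepted; as far as I know the match is evaluated as `(flags & mask) == comp`, so such a rule would load and then never match, a silent gap if it guards a DROP or REJECT. I would reject both cases before the arguments are built, for example in a smart constructor that checks `not (null m)` and `all (flip elem m) c`. toIpTableArg starts and ends outside this hunk, so how a failed iptables call is reported cannot be seen here.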
@@ -189,6 +196,13 @@ data Frequency = NumBySecond Int
fromFrequency :: Frequency -> String
fromFrequency (NumBySecond n) = show n ++ "/second"
+type TCPFlagMask = [TCPFlag]
+
+type TCPFlagComp = [TCPFlag]
+
+data TCPFlag = SYN | ACK | FIN | RST | URG | PSH | ALL | NONE
+ deriving (Eq, Show)
+
data Rules
= Everything
| Proto Proto
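Review bot: `TCPFlagMask` and `TCPFlagComp` are both plain aliases for `[TCPFlag]`, so a call with the two lists swapped still typechecks and produces a different firewall rule without any warning. Distinct newtypes, e.g. `newtype TCPFlagMask = TCPFlagMask [TCPFlag]`, would let the compiler catch that. `ALL` and `NONE` share the type with the single flags, so lists such as `[ALL, SYN]` are representable; a Haddock comment on `TCPFlag` should say they are meant to stand alone. The derived `Show` output is what toIpTableArg passes to iptables, which deserves a comment like `-- Show output is passed verbatim to --tcp-flags; do not rename constructors`. The `data Rules` declaration at the end of the hunk continues outside it.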
@@ -201,6 +215,7 @@ data Rules
| Ctstate [ ConnectionState ]
| ICMPType ICMPTypeMatch
| RateLimit Frequency
+ | TCPFlags TCPFlagMask TCPFlagComp
| Source [ IPWithMask ]
| Destination [ IPWithMask ]
| Rules :- Rules -- ^Combine two rules
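Review bot: The new `TCPFlags` constructor has no Haddock comment, so the meaning and order of its two lists can only be learned by reading toIpTableArg. I would add `-- ^Match TCP flags: first list is the mask of flags examined, second the flags that must be set`, in the style of the existing `-- ^Combine two rules`. The comment could also say that the rule is expected to be combined with a TCP `Proto` match, since the tcp match module normally needs the protocol to be given; that is inferred from iptables behaviour, not from this diff. `data Rules` begins before this hunk and may continue after it.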