authorFĂ©lix Sipma2016-02-04 12:42:11 +0100
committerJoey Hess2016-02-25 17:19:44 -0400
commit39825733d28dc9ea59386073879ba0e754c42028 (patch)
tree772597d5a66e77cbb2dd2b133999e74d7140aa7e /src
parent69f35659e205e69a017ff2f3f39393ed4c403937 (diff)
Firewall: add Source/Destination Rules
(cherry picked from commit 34ee25d51b502af8da81c7b0701ac02cf1f43c1e)
Diffstat (limited to 'src')
-rw-r--r--src/Propellor/Property/Firewall.hs18
1 files changed, 18 insertions, 0 deletions
diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs
index a851f885..13db38df 100644
--- a/src/Propellor/Property/Firewall.hs
+++ b/src/Propellor/Property/Firewall.hs
@@ -54,8 +54,24 @@ toIpTableArg (Ctstate states) =
, "conntrack"
, "--ctstate", concat $ intersperse "," (map show states)
]
+toIpTableArg (Source ipwm) =
+ [ "-s"
+ , concat $ intersperse "," (map fromIPWithMask ipwm)
+ ]
+toIpTableArg (Destination ipwm) =
+ [ "-d"
+ , concat $ intersperse "," (map fromIPWithMask ipwm)
+ ]
toIpTableArg (r :- r') = toIpTableArg r <> toIpTableArg r'
+data IPWithMask = IPWithNoMask IPAddr | IPWithIPMask IPAddr IPAddr | IPWithNumMask IPAddr Int
+ deriving (Eq, Show)
+
+fromIPWithMask :: IPWithMask -> String
+fromIPWithMask (IPWithNoMask ip) = fromIPAddr ip
+fromIPWithMask (IPWithIPMask ip ipm) = fromIPAddr ip ++ "/" ++ fromIPAddr ipm
+fromIPWithMask (IPWithNumMask ip m) = fromIPAddr ip ++ "/" ++ show m
+
data Rule = Rule
{ ruleChain :: Chain
, ruleTarget :: Target
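Review bot: `Source []` and `Destination []` render as `["-s", ""]` and `["-d", ""]` in the two new `toIpTableArg` equations, so an empty address list reaches iptables as an empty argument instead of being rejected when the rule is built. Silently dropping the flag in that case would be worse, because the rule would then match every address. An explicit equation such as `toIpTableArg (Source []) = error "Firewall: Source needs at least one address"` (and the same for `Destination`), or a `NonEmpty` list in the constructor, keeps the failure visible. `IPWithNumMask` likewise accepts any `Int`, and `IPWithIPMask` any pair of addresses, so a negative or oversized prefix length is caught, if at all, only when iptables parses the argument; a smart constructor that checks the range would surface it earlier. `toIpTableArg` starts above this hunk and `data Rule` continues below it.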
@@ -84,6 +100,8 @@ data Rules
| InIFace Network.Interface
| OutIFace Network.Interface
| Ctstate [ ConnectionState ]
+ | Source [ IPWithMask ]
+ | Destination [ IPWithMask ]
| Rules :- Rules -- ^Combine two rules
deriving (Eq, Show)
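Review bot: The new `Source` and `Destination` constructors have no Haddock comment, while `:-` directly below them does, and the list semantics are not obvious from the type. The list is joined into a single comma-separated `-s`/`-d` argument, which iptables normally expands into one rule per address, so a single `Rules` value can stand for several kernel rules; that is worth stating where callers will read it. Suggested comments: `| Source [ IPWithMask ] -- ^Match any of these source addresses (one comma-separated -s argument)` and `| Destination [ IPWithMask ] -- ^Match any of these destination addresses (one comma-separated -d argument)`. The `data Rules` declaration starts above this hunk.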