authorFĂ©lix Sipma2016-02-29 09:20:24 +0100
committerJoey Hess2016-03-02 15:36:48 -0400
commit60a7dfeb65b72e2ef26e071c007f9d11fe9aebc2 (patch)
tree7530fcdf1f74dbae6ce6762d801853c6682a8e97 /src
parent3abf0af94cd7cf4d0c0666a40deff43ca590a597 (diff)
Firewall: add ICMPTypeMatch
(cherry picked from commit 2214aca8f3ca92b9739b2884cb59274edad9170e)
Diffstat (limited to 'src')
-rw-r--r--src/Propellor/Property/Firewall.hs14
1 files changed, 14 insertions, 0 deletions
diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs
index 62adf33a..05d70f45 100644
--- a/src/Propellor/Property/Firewall.hs
+++ b/src/Propellor/Property/Firewall.hs
@@ -11,6 +11,7 @@ module Propellor.Property.Firewall (
Proto(..),
Rules(..),
ConnectionState(..),
+ ICMPTypeMatch(..),
IPWithMask(..),
fromIPWithMask
) where
@@ -58,6 +59,11 @@ toIpTableArg (Ctstate states) =
, "conntrack"
, "--ctstate", intercalate "," (map show states)
]
+toIpTableArg (ICMPType i) =
+ [ "-m"
+ , "icmp"
+ , "--icmp-type", fromICMPTypeMatch i
+ ]
toIpTableArg (Source ipwm) =
[ "-s"
, intercalate "," (map fromIPWithMask ipwm)
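Review bot: The new `toIpTableArg (ICMPType i)` clause emits `-m icmp --icmp-type …`, but nothing visible here ensures the same rule also carries `-p icmp`. iptables documents the icmp match as usable only when the protocol is icmp, so an `ICMPType` rule built without `Proto ICMP` would probably be rejected when iptables runs, leaving the intended filter uninstalled. Adding `-p icmp` in this clause could clash with a `Proto ICMP` the caller already supplies, so the safer fix is to state the requirement on the constructor in the last hunk, e.g. `| ICMPType ICMPTypeMatch -- ^Match an ICMP type; must be combined with Proto ICMP`. The rest of toIpTableArg lies outside this hunk.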
@@ -164,6 +170,13 @@ data Proto = TCP | UDP | ICMP
data ConnectionState = ESTABLISHED | RELATED | NEW | INVALID
deriving (Eq, Show)
+data ICMPTypeMatch = ICMPTypeName String | ICMPTypeCode Int
+ deriving (Eq, Show)
+
+fromICMPTypeMatch :: ICMPTypeMatch -> String
+fromICMPTypeMatch (ICMPTypeName t) = t
+fromICMPTypeMatch (ICMPTypeCode c) = show c
+
data Rules
= Everything
| Proto Proto
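Review bot: `ICMPTypeCode Int` accepts any Int and `fromICMPTypeMatch` hands `show c` straight to `--icmp-type`, so a negative or out-of-range number is only caught when iptables runs; a mistyped `ICMPTypeName` string behaves the same way. The type has no documentation saying which values are valid, so I would add a Haddock comment such as `-- | ICMP type to match, by name (see @iptables -p icmp -h@) or by number (0-255).` The constructor name is also a little misleading, since the value is used as an ICMP type number, not an ICMP code; the comment should say so.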
@@ -174,6 +187,7 @@ data Rules
| InIFace Network.Interface
| OutIFace Network.Interface
| Ctstate [ ConnectionState ]
+ | ICMPType ICMPTypeMatch
| Source [ IPWithMask ]
| Destination [ IPWithMask ]
| Rules :- Rules -- ^Combine two rules