summaryrefslogtreecommitdiff
path: root/src/Propellor/Property/Firewall.hs
diff options
context:
space:
mode:
Diffstat (limited to 'src/Propellor/Property/Firewall.hs')
-rw-r--r--src/Propellor/Property/Firewall.hs13
1 files changed, 13 insertions, 0 deletions
diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs
index 05d70f45..01664130 100644
--- a/src/Propellor/Property/Firewall.hs
+++ b/src/Propellor/Property/Firewall.hs
@@ -12,6 +12,7 @@ module Propellor.Property.Firewall (
Rules(..),
ConnectionState(..),
ICMPTypeMatch(..),
+ Frequency(..),
IPWithMask(..),
fromIPWithMask
) where
@@ -64,6 +65,11 @@ toIpTableArg (ICMPType i) =
, "icmp"
, "--icmp-type", fromICMPTypeMatch i
]
+toIpTableArg (RateLimit f) =
+ [ "-m"
+ , "limit"
+ , "--limit", fromFrequency f
+ ]
toIpTableArg (Source ipwm) =
[ "-s"
, intercalate "," (map fromIPWithMask ipwm)
@@ -177,6 +183,12 @@ fromICMPTypeMatch :: ICMPTypeMatch -> String
fromICMPTypeMatch (ICMPTypeName t) = t
fromICMPTypeMatch (ICMPTypeCode c) = show c
+data Frequency = NumBySecond Int
+ deriving (Eq, Show)
+
+fromFrequency :: Frequency -> String
+fromFrequency (NumBySecond n) = show n ++ "/second"
+
data Rules
= Everything
| Proto Proto
@@ -188,6 +200,7 @@ data Rules
| OutIFace Network.Interface
| Ctstate [ ConnectionState ]
| ICMPType ICMPTypeMatch
+ | RateLimit Frequency
| Source [ IPWithMask ]
| Destination [ IPWithMask ]
| Rules :- Rules -- ^Combine two rules