Diffstat (limited to 'src/Propellor/Property/Firewall.hs')
-rw-r--r--src/Propellor/Property/Firewall.hs18
1 files changed, 18 insertions, 0 deletions
diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs
index a851f885..13db38df 100644
--- a/src/Propellor/Property/Firewall.hs
+++ b/src/Propellor/Property/Firewall.hs
@@ -54,8 +54,24 @@ toIpTableArg (Ctstate states) =
, "conntrack"
, "--ctstate", concat $ intersperse "," (map show states)
]
+toIpTableArg (Source ipwm) =
+ [ "-s"
+ , concat $ intersperse "," (map fromIPWithMask ipwm)
+ ]
+toIpTableArg (Destination ipwm) =
+ [ "-d"
+ , concat $ intersperse "," (map fromIPWithMask ipwm)
+ ]
toIpTableArg (r :- r') = toIpTableArg r <> toIpTableArg r'
+data IPWithMask = IPWithNoMask IPAddr | IPWithIPMask IPAddr IPAddr | IPWithNumMask IPAddr Int
+ deriving (Eq, Show)
+
+fromIPWithMask :: IPWithMask -> String
+fromIPWithMask (IPWithNoMask ip) = fromIPAddr ip
+fromIPWithMask (IPWithIPMask ip ipm) = fromIPAddr ip ++ "/" ++ fromIPAddr ipm
+fromIPWithMask (IPWithNumMask ip m) = fromIPAddr ip ++ "/" ++ show m
+
data Rule = Rule
{ ruleChain :: Chain
, ruleTarget :: Target
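Review bot: The new `Source`/`Destination` equations of `toIpTableArg` and the `IPWithMask` type accept values that can only fail at apply time: `Source []` renders to `["-s", ""]`, which iptables will most likely reject rather than match nothing, and `IPWithNumMask` takes an unbounded `Int`, so a prefix length outside the family's range (or an `IPWithIPMask` pairing an IPv4 address with an IPv6 mask) is only caught when the rule is loaded. That fails closed, but the commit neither documents the precondition nor gives `IPWithMask` a Haddock comment, so callers cannot tell whether the check is theirs to make; a smart constructor returning `Maybe IPWithMask`, or at least a note on the type such as `-- | An address with an optional mask; the prefix length and address family are not validated here, so invalid values surface only as an iptables error when the rule is applied.`, would make that explicit. Both equations repeat the `concat $ intersperse "," (...)` pattern already used for `Ctstate`; `intercalate ","` says the same thing directly, if the file's `Data.List` import allows it. `toIpTableArg` begins above this hunk, so I could not see whether any other equation already handles an empty list.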
@@ -84,6 +100,8 @@ data Rules
| InIFace Network.Interface
| OutIFace Network.Interface
| Ctstate [ ConnectionState ]
+ | Source [ IPWithMask ]
+ | Destination [ IPWithMask ]
| Rules :- Rules -- ^Combine two rules
deriving (Eq, Show)