path: root/src/Propellor/Property/Firewall.hs
Age | Commit message | Author
2018-11-11 | fix unused import warning | Joey Hess
Propellor.Base re-exports Data.Monoid.
2018-04-30 | fix broken SemigroupMonoid transition <<loop>> | Joey Hess
Turns out that with ghc 8.2.2, the instructions given on the page don't work. And the cppless variant that I had compiles, but into effectively mappend = mappend so it loops. The only way I can see to make it work without cpp is to use mappend = (Sem.<>) which is ugly and a land mine waiting to explode if someone changes it to a nicer mappend = (<>) with a newer version of ghc which will compile it and work ok, while breaking it with 8.2.2. Sigh. I posted to haskell-cafe about this.
2018-04-23 | semigroup monoid change fallout; drop ghc 7 support | Joey Hess
Fix build with ghc 8.4, which broke due to the Semigroup Monoid change. See https://prime.haskell.org/wiki/Libraries/Proposals/SemigroupMonoid Dropped support for building propellor with ghc 7 (as in debian oldstable), to avoid needing to depend on the semigroups transitional package, but also because it's just too old to be worth supporting. If we indeed drop ghc 7 support entirely, some code to support "jessie" can be removed; concurrent-output can be de-embedded, and the Singletons code can be simplified. This commit was sponsored by Jack Hill on Patreon.
2018-03-20 | Move table and target to before the other rule arguments | Russell Sim
Some commands in IPTables are order dependent. In particular, I have seen this with the --to-dest and the --to-source arguments for DNAT and SNAT respectively. Below is an example rule which demonstrates the issue.
    $ iptables -A PREROUTING -p tcp -i eth0 --dport 4000 \
        --to-dest 10.3.0.6:4000 -t nat -j DNAT
    iptables v1.6.0: unknown option "--to-dest"
    $ iptables -A PREROUTING -p tcp -i eth0 --dport 4000 \
        -j DNAT --to-dest 10.3.0.6:4000 -t nat
Signed-off-by: Russell Sim <russell.sim@gmail.com>
2017-02-26 | convert fromIPAddr to val | Joey Hess
2017-02-26 | convert from* in Firewall to val | Joey Hess
2017-02-26 | use ConfigurableValue where applicable | Joey Hess
* Removed fromPort (use val instead). (API change)
* Removed several Show instances that were only used for generating configuration, replacing with ConfigurableValue instances. (API change)
It's somewhat annoying that IsInfo requires a Show instance. That's needed to be able to display Info in ghci, but some non-derived Show instances had to be kept to support that.
2016-05-19 | add GroupOwner and NotDestination iptables Rules | Sean Whitton
2016-03-26 | more porting | Joey Hess
2016-03-07 | Firewall: add NatDestination to Rules | Félix Sipma
(cherry picked from commit df40046fd65bc07eced41adb73c7e227d2b54cd1)
2016-03-07 | add fromPort function | Félix Sipma
(cherry picked from commit c3a23f89092d1ef8367c37ab8993ea7031124f4b)
2016-03-04 | Firewall: simplify Chain data type | Félix Sipma
(cherry picked from commit 313a94cd87cd0f977310a6eada559dd383f6e9f0)
2016-03-04 | Firewall: update Chain constructors | Félix Sipma
(cherry picked from commit 1a485202eeab60d9d677576278480a4109db72fb)
2016-03-04 | Firewall: export TCPFlag | Félix Sipma
(cherry picked from commit 4705d6be44d1ce6ff5eb0c7b8bc3a904b6e8d220)
2016-03-02 | Firewall: add TCPSyn to Rules | Félix Sipma
(cherry picked from commit 864bff7743bd3a77f1bfdb37bdeeea49e31e1f52)
2016-03-02 | Firewall: add TCPFlag | Félix Sipma
(cherry picked from commit f16e0e4f632032c70adcb9ba9f108e87a6ae4321)
2016-03-02 | Firewall: add Frequency | Félix Sipma
(cherry picked from commit 26fd68a9cda543e74492dc71680d10eaa881f351)
2016-03-02 | Firewall: add ICMPTypeMatch | Félix Sipma
(cherry picked from commit 2214aca8f3ca92b9739b2884cb59274edad9170e)
2016-03-02 | Firewall: separate Table and Target | Félix Sipma
(cherry picked from commit c97f1308739aa7877aac2f3c949c4aadf2266775)
2016-02-25 | add FromTarget class | Félix Sipma
(cherry picked from commit 226bf3e8230037ad2de38760c962033ab6c64d9f)
2016-02-25 | Firewall: export fromIPWithMask | Félix Sipma
(cherry picked from commit 57f7d81f1124fa5c56a593b9d5de6448155a938e)
2016-02-25 | Firewall: add Table (api change) | Félix Sipma
(cherry picked from commit 202f9c282ee34897461dc56a79e607244c94cd99)
2016-02-25 | Firewall: add CustomTarget | Félix Sipma
(cherry picked from commit ecff879cfeacfbff00649f4a3b9dd19eaefe134f)
2016-02-25 | Firewall: minor hlint fixes | Félix Sipma
(cherry picked from commit d4653a2c4683ff3eeb4decbb3c61bb9e9cef2c64)
2016-02-25 | Firewall: add Source/Destination Rules | Félix Sipma
(cherry picked from commit 34ee25d51b502af8da81c7b0701ac02cf1f43c1e)
2016-02-25 | Firewall: add InIFace/OutIFace Rules | Félix Sipma
(cherry picked from commit 717e693b2ad0bf39865ef28952f37670e70d8582)
2015-10-10 | propellor spin | Joey Hess
2015-09-29 | add Maintainer entries for contributed modules | Joey Hess
These show up in the haddock documentation on the sidebar. The author emails are not hyperlinked, so hopefully this is not a spam source. Keeping track of Maintainers of modules is becoming necessary because I don't use all these modules and am not the best person to maintain them, beyond simple changes to keep them building. I'll loop in the Maintainer if there's a bug etc on their module.
2015-08-13 | better comply with propellor's layout style | Joey Hess
2015-08-13 | Propellor.Property.Firewall: coding style | Antoine Eiche
2015-08-13 | Propellor.Property.Firewall: fix Port datatype to iptable parameter translation | Antoine Eiche
2015-06-01 | reorganize Port type for systemd can use it | Joey Hess
2015-05-27 | Export CommandParam, boolSystem, safeSystem and shellEscape from Propellor.Property.Cmd, so they are available for use in constructing your own Properties when using propellor as a library. | Joey Hess
Several imports of Utility.SafeCommand now redundant.
2015-01-24 | GADT properties seem to work (untested) | Joey Hess
* Property has been converted to a GADT, and will be Property NoInfo or Property HasInfo. This was done to make sure that ensureProperty is only used on properties that do not have Info.
  Transition guide:
  - Change all "Property" to "Property NoInfo" or "Property WithInfo" (The compiler can tell you if you got it wrong!)
  - To construct a RevertableProperty, it is useful to use the new (<!>) operator
  - Constructing a list of properties can be problematic, since Property NoInfo and Property WithInfo are different types and cannot appear in the same list. To deal with this, "props" has been added, and can build up a list of properties of different types, using the same (&) and (!) operators that are used to build up a host's properties.
2015-01-19 | avoid haddock warnings | Joey Hess
2014-12-08 | propellor spin | Joey Hess
(cherry picked from commit 1d02d589c79781cc4b0bd82467edbdf64c40f34d)
2014-10-31 | remove hardcoded path | Joey Hess
propellor runs as root, and /sbin should always be in root's path
2014-10-31 | changed indentation for consistency with the rest of propellor | Joey Hess
2014-10-31 | added licensing header | Arnaud Bailly
2014-10-31 | missing export | Arnaud Bailly
2014-10-31 | smarter constructor for rule | Arnaud Bailly
2014-10-31 | added firewall properties | Arnaud Bailly