From 02edd1dca9b5554728201924a8ed786133b1c57d Mon Sep 17 00:00:00 2001
From: FĂ©lix Sipma
Date: Mon, 29 Feb 2016 09:48:46 +0100
Subject: Firewall: add Frequency

(cherry picked from commit 26fd68a9cda543e74492dc71680d10eaa881f351)
---
 src/Propellor/Property/Firewall.hs | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs
index 05d70f45..01664130 100644
--- a/src/Propellor/Property/Firewall.hs
+++ b/src/Propellor/Property/Firewall.hs
@@ -12,6 +12,7 @@ module Propellor.Property.Firewall (
 Rules(..),
 ConnectionState(..),
 ICMPTypeMatch(..),
+ Frequency(..),
 IPWithMask(..),
 fromIPWithMask
 ) where
@@ -64,6 +65,11 @@ toIpTableArg (ICMPType i) =
 , "icmp"
 , "--icmp-type", fromICMPTypeMatch i
 ]
+toIpTableArg (RateLimit f) =
+ [ "-m"
+ , "limit"
+ , "--limit", fromFrequency f
+ ]
 toIpTableArg (Source ipwm) =
 [ "-s"
 , intercalate "," (map fromIPWithMask ipwm)
@@ -177,6 +183,12 @@ fromICMPTypeMatch :: ICMPTypeMatch -> String
 fromICMPTypeMatch (ICMPTypeName t) = t
 fromICMPTypeMatch (ICMPTypeCode c) = show c
 
+data Frequency = NumBySecond Int
+ deriving (Eq, Show)
+
+fromFrequency :: Frequency -> String
+fromFrequency (NumBySecond n) = show n ++ "/second"
+
 data Rules
 = Everything
 | Proto Proto
@@ -188,6 +200,7 @@ data Rules
 | OutIFace Network.Interface
 | Ctstate [ ConnectionState ]
 | ICMPType ICMPTypeMatch
+ | RateLimit Frequency
 | Source [ IPWithMask ]
 | Destination [ IPWithMask ]
 | Rules :- Rules -- ^Combine two rules
--
cgit v1.2.3
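Review bot: The new `toIpTableArg (RateLimit f)` equation emits only `--limit`, so the burst allowance of the limit match stays at the iptables default (5 packets, as far as I know) and callers cannot tune it. If that is intended, a comment on the equation such as `-- no --limit-burst is emitted; the iptables default burst applies` would make the effective behaviour visible to whoever writes a rule with it. toIpTableArg starts and ends outside the hunk.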
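Review bot: `NumBySecond Int` accepts zero and negative counts, and `fromFrequency` renders them verbatim, so `NumBySecond (-1)` becomes `-1/second`, which iptables will presumably reject only when the rule is applied on the host. A guard in the renderer would fail earlier and name the bad value, for example `fromFrequency (NumBySecond n) | n > 0 = show n ++ "/second"` followed by `| otherwise = error ("Firewall.fromFrequency: rate must be positive, got " ++ show n)`. A Haddock line on `Frequency` stating that the count is packets per second and must be positive would also help, since a rate-limit rule that fails to install may leave the chain more permissive than the author expected.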
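Review bot: The `RateLimit Frequency` constructor is added without a Haddock comment, while `:-` just below it has one, and the semantics are easy to misread. The limit match only selects packets while the rate is under the limit, so packets above the rate are not dropped by this rule; they fall through to later rules or the chain policy. I would write `| RateLimit Frequency -- ^Match only while under the given rate; excess packets fall through to later rules`. The `data Rules` declaration starts outside the hunk and may continue past it.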