From 39825733d28dc9ea59386073879ba0e754c42028 Mon Sep 17 00:00:00 2001
From: FĂ©lix Sipma
Date: Thu, 4 Feb 2016 12:42:11 +0100
Subject: Firewall: add Source/Destination Rules
(cherry picked from commit 34ee25d51b502af8da81c7b0701ac02cf1f43c1e)
---
 src/Propellor/Property/Firewall.hs | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
(limited to 'src/Propellor/Property/Firewall.hs')
diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs
index a851f885..13db38df 100644
--- a/src/Propellor/Property/Firewall.hs
+++ b/src/Propellor/Property/Firewall.hs
@@ -54,8 +54,24 @@ toIpTableArg (Ctstate states) =
 , "conntrack"
 , "--ctstate", concat $ intersperse "," (map show states)
 ]
+toIpTableArg (Source ipwm) =
+ [ "-s"
+ , concat $ intersperse "," (map fromIPWithMask ipwm)
+ ]
+toIpTableArg (Destination ipwm) =
+ [ "-d"
+ , concat $ intersperse "," (map fromIPWithMask ipwm)
+ ]
 toIpTableArg (r :- r') = toIpTableArg r <> toIpTableArg r'
 
+data IPWithMask = IPWithNoMask IPAddr | IPWithIPMask IPAddr IPAddr | IPWithNumMask IPAddr Int
+ deriving (Eq, Show)
+
+fromIPWithMask :: IPWithMask -> String
+fromIPWithMask (IPWithNoMask ip) = fromIPAddr ip
+fromIPWithMask (IPWithIPMask ip ipm) = fromIPAddr ip ++ "/" ++ fromIPAddr ipm
+fromIPWithMask (IPWithNumMask ip m) = fromIPAddr ip ++ "/" ++ show m
+
 data Rule = Rule
 { ruleChain :: Chain
 , ruleTarget :: Target
@@ -84,6 +100,8 @@ data Rules
 | InIFace Network.Interface
 | OutIFace Network.Interface
 | Ctstate [ ConnectionState ]
+ | Source [ IPWithMask ]
+ | Destination [ IPWithMask ]
 | Rules :- Rules
 -- ^Combine two rules
 deriving (Eq, Show)
-- 
cgit v1.2.3
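Review bot: `fromIPWithMask (IPWithNumMask ip m)` renders any `Int` as the prefix length, and the `Source`/`Destination` cases of `toIpTableArg` accept an empty list, so `ip/-1`, `ip/99` or `["-s", ""]` reach iptables unchecked and can only fail when the rule is applied. A `/0` prefix also passes and makes the rule match every address, which should be an explicit choice rather than something a typo can produce. I would reject these when the value is built, for example with a smart constructor that checks `0 <= m && m <= 32` (128 for IPv6) and by taking a non-empty list; `IPWithIPMask ip ipm` could likewise check that address and mask belong to the same family, if `IPAddr` can hold both. As a smaller point, `concat $ intersperse ","` is `intercalate ","` and now appears three times in `toIpTableArg`.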
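Review bot: The new `Source` and `Destination` constructors carry no Haddock comment, although the list changes what a single rule means: iptables expands a comma-separated `-s` or `-d` value into one rule per address, so the list is an OR, and a `Source` list combined with a `Destination` list yields every pairing. I would document that on the constructors, e.g. `-- ^Match packets whose source is any of these addresses (iptables adds one rule per address)`, with the matching wording for `Destination`. The `data Rules` declaration starts above this hunk, so the comments on the other constructors are not visible here.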