From 3a1f058c64dd073e6326f8a8f1755e6892ab127a Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Fri, 31 Oct 2014 10:20:34 -0400
Subject: changed indentation for consistency with the rest of propellor

---
 src/Propellor/Property/Firewall.hs | 87 ++++++++++++++++++++------------------
 1 file changed, 46 insertions(+), 41 deletions(-)

(limited to 'src/Propellor/Property/Firewall.hs')

diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs
index 68e9e9f8..e1570175 100644
--- a/src/Propellor/Property/Firewall.hs
+++ b/src/Propellor/Property/Firewall.hs
@@ -2,10 +2,15 @@
 --
 -- Copyright 2014 Arnaud Bailly
 -- License: BSD-2-Clause
-module Propellor.Property.Firewall(
- rule,
- installed,
- Chain(..),Target(..),Proto(..),Rules(..),ConnectionState(..)) where
+module Propellor.Property.Firewall (
+ rule,
+ installed,
+ Chain(..),
+ Target(..),
+ Proto(..),
+ Rules(..),
+ ConnectionState(..)
+) where
 
 import Data.Monoid
 import Data.Char
@@ -22,20 +27,21 @@ installed = Apt.installed ["iptables"]
 rule :: Chain -> Target -> Rules -> Property
 rule c t rs = property ("firewall rule: " <> show r) addIpTable
 where
- r = Rule c t rs
- addIpTable = liftIO $ do
- let args = toIpTable r
- exist <- boolSystem "/sbin/iptables" (chk args)
- if exist then
- return NoChange
- else ifM (boolSystem "/sbin/iptables" (add args))
- ( return MadeChange , return FailedChange)
- add params = (Param "-A") : params
- chk params = (Param "-C") : params
+ r = Rule c t rs
+ addIpTable = liftIO $ do
+ let args = toIpTable r
+ exist <- boolSystem "/sbin/iptables" (chk args)
+ if exist
+ then return NoChange
+ else ifM (boolSystem "/sbin/iptables" (add args))
+ ( return MadeChange , return FailedChange)
+ add params = (Param "-A") : params
+ chk params = (Param "-C") : params
 
 toIpTable :: Rule -> [CommandParam]
-toIpTable r = map Param ((show $ ruleChain r) :
- (toIpTableArg (ruleRules r)) ++ [ "-j" , show $ ruleTarget r ])
+toIpTable r = map Param $
+ (show $ ruleChain r) :
+ (toIpTableArg (ruleRules r)) ++ [ "-j" , show $ ruleTarget r ]
 
 toIpTableArg :: Rules -> [String]
 toIpTableArg Everything = []
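Review bot: In `addIpTable`, a `False` from `boolSystem "/sbin/iptables" (chk args)` is read as "rule absent", but an `iptables -C` probe presumably also fails when the rule specification is invalid or iptables cannot run at all, so such cases fall through to the `-A` attempt and surface only as `FailedChange`, with the probe's own failure never distinguished. That is acceptable as a single fallback, but the intent deserves a comment above the `exist <-` line, e.g. `-- -C fails both when the rule is absent and when iptables itself errors; a failing -A below then reports FailedChange.`. As a point of style, the literal `"/sbin/iptables"` is repeated in the same do block; a single `iptables = boolSystem "/sbin/iptables"` binding in the where clause would keep the path in one place. The `rule` definition is complete within this hunk, and the new `map Param $` form of `toIpTable` is equivalent to the old one since `:` and `++` share precedence and associate to the right.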
@@ -46,41 +52,40 @@ toIpTableArg (IFace iface) = ["-i", iface]
 toIpTableArg (Ctstate states) = ["-m", "conntrack","--ctstate", concat $ intersperse "," (map show states)]
 toIpTableArg (r :- r') = toIpTableArg r <> toIpTableArg r'
 
-data Rule = Rule {
- ruleChain :: Chain
- ,ruleTarget :: Target
- ,ruleRules :: Rules
- } deriving (Eq, Show, Read)
-
+data Rule = Rule
+ { ruleChain :: Chain
+ , ruleTarget :: Target
+ , ruleRules :: Rules
+ } deriving (Eq, Show, Read)
+
 data Chain = INPUT | OUTPUT | FORWARD
- deriving (Eq,Show,Read)
+ deriving (Eq,Show,Read)
 
 data Target = ACCEPT | REJECT | DROP | LOG
- deriving (Eq,Show,Read)
+ deriving (Eq,Show,Read)
 
 data Proto = TCP | UDP | ICMP
- deriving (Eq,Show,Read)
+ deriving (Eq,Show,Read)
 
 type Port = Int
 
 data ConnectionState = ESTABLISHED | RELATED | NEW | INVALID
- deriving (Eq,Show,Read)
-
-data Rules = Everything
- | Proto Proto
- -- ^There is actually some order dependency between proto and port so this should be a specific
- -- data type with proto + ports
- | Port Port
- | PortRange (Port,Port)
- | IFace Network.Interface
- | Ctstate [ ConnectionState ]
- | Rules :- Rules -- ^Combine two rules
- deriving (Eq,Show,Read)
+ deriving (Eq,Show,Read)
+
+data Rules
+ = Everything
+ | Proto Proto
+ -- ^There is actually some order dependency between proto and port so this should be a specific
+ -- data type with proto + ports
+ | Port Port
+ | PortRange (Port,Port)
+ | IFace Network.Interface
+ | Ctstate [ ConnectionState ]
+ | Rules :- Rules -- ^Combine two rules
+ deriving (Eq,Show,Read)
 
 infixl 0 :-
 
 instance Monoid Rules where
- mempty = Everything
- mappend = (:-)
-
-
+ mempty = Everything
+ mappend = (:-)
-- 
cgit v1.2.3