From 140fb642e8ea3492313d3f41ef44930e1974b3f9 Mon Sep 17 00:00:00 2001
From: FĂ©lix Sipma
Date: Mon, 29 Feb 2016 18:03:12 +0100
Subject: Firewall: add TCPFlag
(cherry picked from commit f16e0e4f632032c70adcb9ba9f108e87a6ae4321)
---
 src/Propellor/Property/Firewall.hs | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
(limited to 'src/Propellor/Property')
diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs
index 01664130..bf41cf20 100644
--- a/src/Propellor/Property/Firewall.hs
+++ b/src/Propellor/Property/Firewall.hs
@@ -70,6 +70,13 @@ toIpTableArg (RateLimit f) =
 , "limit"
 , "--limit", fromFrequency f
 ]
+toIpTableArg (TCPFlags m c) =
+ [ "-m"
+ , "tcp"
+ , "--tcp-flags"
+ , intercalate "," (map show m)
+ , intercalate "," (map show c)
+ ]
 toIpTableArg (Source ipwm) =
 [ "-s"
 , intercalate "," (map fromIPWithMask ipwm)
@@ -189,6 +196,13 @@ data Frequency = NumBySecond Int
 fromFrequency :: Frequency -> String
 fromFrequency (NumBySecond n) = show n ++ "/second"
+type TCPFlagMask = [TCPFlag]
+
+type TCPFlagComp = [TCPFlag]
+
+data TCPFlag = SYN | ACK | FIN | RST | URG | PSH | ALL | NONE
+ deriving (Eq, Show)
+
 data Rules
 = Everything
 | Proto Proto
@@ -201,6 +215,7 @@ data Rules
 | Ctstate [ ConnectionState ]
 | ICMPType ICMPTypeMatch
 | RateLimit Frequency
+ | TCPFlags TCPFlagMask TCPFlagComp
 | Source [ IPWithMask ]
 | Destination [ IPWithMask ]
 | Rules :- Rules -- ^Combine two rules
--
cgit v1.2.3
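Review bot: An empty list in the new `toIpTableArg (TCPFlags m c)` clause renders as an empty string, so `TCPFlags [] []` hands `--tcp-flags` two empty arguments. How iptables treats that is not visible from here, and the risk is a rule that either fails to load or matches more traffic than intended. Consider rendering an empty comparison list as the explicit token, e.g. `, if null c then "NONE" else intercalate "," (map show c)`, and rejecting or documenting an empty mask. The clause also emits `-m tcp` on its own, while the iptables tcp match is documented as usable only when the rule selects the TCP protocol, so a comment such as `-- Only valid when combined with a Proto rule selecting TCP` would save a failed rule load. The rest of `toIpTableArg` lies outside the hunk.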
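Review bot: `TCPFlagMask` and `TCPFlagComp` are both plain aliases for `[TCPFlag]` with no Haddock comment, so nothing at the declaration tells a caller which list is which, and swapping the two arguments of `TCPFlags` type-checks while changing what the firewall rule matches. Suggest `-- | Flags to examine` above `TCPFlagMask` and `-- | Flags that must be set among those examined` above `TCPFlagComp`. Separately, the derived `Show` instance is what ends up on the iptables command line through `map show` in `toIpTableArg`. A small `fromTCPFlag :: TCPFlag -> String`, in the style of `fromFrequency` just above, would keep the emitted tokens independent of the constructor names.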