| author | Joey Hess <joeyh@joeyh.name> | 2016-03-07 18:23:20 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2016-03-07 18:23:20 -0400 |
| commit | 89f9b3cbe16d708912c91db76ed6a2d5cf9851b2 (patch) | |
| tree | c4ad9a2b8d7a2e719288e6d38b537d31d1b7633a /src/Propellor/Property/Firewall.hs | |
| parent | 6eb4f7a2f9bbabc5c606f624e9b8380a16224690 (diff) | |
| parent | 9556734c02a0b05764e83419ae72710908419cdc (diff) | |
Merge branch 'joeyconfig'
Diffstat (limited to 'src/Propellor/Property/Firewall.hs')
| -rw-r--r-- | src/Propellor/Property/Firewall.hs | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs
index cb0f0b64..fa1f95d4 100644
--- a/src/Propellor/Property/Firewall.hs
+++ b/src/Propellor/Property/Firewall.hs
@@ -51,9 +51,9 @@ toIpTable r = map Param $
 toIpTableArg :: Rules -> [String]
 toIpTableArg Everything = []
 toIpTableArg (Proto proto) = ["-p", map toLower $ show proto]
-toIpTableArg (DPort (Port port)) = ["--dport", show port]
-toIpTableArg (DPortRange (Port f, Port t)) =
- ["--dport", show f ++ ":" ++ show t]
+toIpTableArg (DPort port) = ["--dport", fromPort port]
+toIpTableArg (DPortRange (portf, portt)) =
+ ["--dport", fromPort portf ++ ":" ++ fromPort portt]
 toIpTableArg (InIFace iface) = ["-i", iface]
 toIpTableArg (OutIFace iface) = ["-o", iface]
 toIpTableArg (Ctstate states) =
@@ -87,6 +87,10 @@ toIpTableArg (Destination ipwm) =
 [ "-d"
 , intercalate "," (map fromIPWithMask ipwm)
 ]
+toIpTableArg (NatDestination ip mport) =
+ [ "--to-destination"
+ , fromIPAddr ip ++ maybe "" (\p -> ":" ++ fromPort p) mport
+ ]
 toIpTableArg (r :- r') = toIpTableArg r <> toIpTableArg r'
 data IPWithMask = IPWithNoMask IPAddr | IPWithIPMask IPAddr IPAddr | IPWithNumMask IPAddr Int
@@ -167,7 +171,7 @@ data Rules
 -- ^There is actually some order dependency between proto and port so this should be a specific
 -- data type with proto + ports
 | DPort Port
- | DPortRange (Port,Port)
+ | DPortRange (Port, Port)
 | InIFace Network.Interface
 | OutIFace Network.Interface
 | Ctstate [ ConnectionState ]
@@ -177,6 +181,7 @@ data Rules
 | TCPSyn
 | Source [ IPWithMask ]
 | Destination [ IPWithMask ]
+ | NatDestination IPAddr (Maybe Port)
 | Rules :- Rules -- ^Combine two rules
 deriving (Eq, Show) |
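Review bot: The new `toIpTableArg (NatDestination ip mport)` equation joins address and port as `fromIPAddr ip ++ ":" ++ fromPort p`, which is only unambiguous for an IPv4 address. If `IPAddr` can also hold an IPv6 address (its definition is not in this diff), the port separator collides with the colons inside the address, and ip6tables expects the bracketed form for that case, e.g. `"[" ++ fromIPAddr ip ++ "]:" ++ fromPort p`. Handling or rejecting the IPv6-with-port combination here would keep a NAT rule from failing at apply time or being parsed as a different destination than the one the property author wrote.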
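Review bot: The `NatDestination IPAddr (Maybe Port)` constructor is added to `Rules` without a Haddock comment, unlike the neighbouring `:-` constructor. iptables accepts `--to-destination` only as an option of the DNAT target in the nat table, yet the type lets this constructor be combined with any other rule, so the constraint should at least be written down, for example `-- ^Destination address and optional port to rewrite to; only meaningful on a DNAT rule in the nat table`. The `Rules` declaration starts outside this hunk, so whether the type could enforce the pairing cannot be judged from here.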
