| author | Daniel Brooks <db48x@db48x.net> | 2015-08-02 00:59:28 -0400 |
|---|---|---|
| committer | Daniel Brooks <db48x@db48x.net> | 2015-08-02 00:59:28 -0400 |
| commit | eb15f06896aeb208d19f6f322905c7782125356e (patch) | |
| tree | 6f28ac50e476e83b212e2827a10d4b6dee0730c9 /src/Propellor/Property/Firewall.hs | |
| parent | 65b511e2d4f4ec9864167e414e76b967eda32dba (diff) | |
| parent | b7a9655a695103b3ca2e4e6edfe305f9b44d9250 (diff) | |
Merge branch 'joeyconfig' of git://git.kitenet.net/propellor into joeyconfig
Conflicts:
src/Propellor/Property/SiteSpecific/IABak.hs
Diffstat (limited to 'src/Propellor/Property/Firewall.hs')
| -rw-r--r-- | src/Propellor/Property/Firewall.hs | 24 |
1 files changed, 10 insertions, 14 deletions
diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs
index 66292c8b..d643b185 100644
--- a/src/Propellor/Property/Firewall.hs
+++ b/src/Propellor/Property/Firewall.hs
@@ -9,7 +9,6 @@ module Propellor.Property.Firewall (
 Target(..),
 Proto(..),
 Rules(..),
- Port,
 ConnectionState(..)
 ) where
 
@@ -18,7 +17,6 @@ import Data.Char
 import Data.List
 
 import Propellor
-import Utility.SafeCommand
 import qualified Propellor.Property.Apt as Apt
 import qualified Propellor.Property.Network as Network
 
@@ -46,8 +44,8 @@ toIpTable r = map Param $
 toIpTableArg :: Rules -> [String]
 toIpTableArg Everything = []
 toIpTableArg (Proto proto) = ["-p", map toLower $ show proto]
-toIpTableArg (Port port) = ["--dport", show port]
-toIpTableArg (PortRange (f,t)) = ["--dport", show f ++ ":" ++ show t]
+toIpTableArg (DPort port) = ["--dport", show port]
+toIpTableArg (DPortRange (f,t)) = ["--dport", show f ++ ":" ++ show t]
 toIpTableArg (IFace iface) = ["-i", iface]
 toIpTableArg (Ctstate states) = ["-m", "conntrack","--ctstate", concat $ intersperse "," (map show states)]
 toIpTableArg (r :- r') = toIpTableArg r <> toIpTableArg r'
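Review bot: The `show port` calls in the `DPort` and `DPortRange` equations of `toIpTableArg` now depend on the `Show` instance of whichever `Port` type the `Propellor` import supplies, because the last hunk removes the local `type Port = Int` and the first hunk drops it from the export list. If that type is a newtype or data wrapper with a derived `Show`, the `--dport` argument would come out as constructor text rather than a bare number, and iptables would presumably reject the rule, leaving the intended filtering unapplied. The definition of `Port` is not visible on this page, so it should be confirmed; converting through an explicit port-to-string function would be safer than `show`. A short comment on the two equations, for example `-- port must render as a plain decimal number for iptables`, would record the requirement.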
@@ -56,33 +54,31 @@ data Rule = Rule { ruleChain :: Chain , ruleTarget :: Target , ruleRules :: Rules - } deriving (Eq, Show, Read) + } deriving (Eq, Show) data Chain = INPUT | OUTPUT | FORWARD - deriving (Eq,Show,Read) + deriving (Eq, Show) data Target = ACCEPT | REJECT | DROP | LOG - deriving (Eq,Show,Read) + deriving (Eq, Show) data Proto = TCP | UDP | ICMP - deriving (Eq,Show,Read) - -type Port = Int + deriving (Eq, Show) data ConnectionState = ESTABLISHED | RELATED | NEW | INVALID - deriving (Eq,Show,Read) + deriving (Eq, Show) data Rules = Everything | Proto Proto -- ^There is actually some order dependency between proto and port so this should be a specific -- data type with proto + ports - | Port Port - | PortRange (Port,Port) + | DPort Port + | DPortRange (Port,Port) | IFace Network.Interface | Ctstate [ ConnectionState ] | Rules :- Rules -- ^Combine two rules - deriving (Eq,Show,Read) + deriving (Eq, Show) infixl 0 :- |
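Review bot: The renamed `DPort` and `DPortRange` constructors in `data Rules` carry no Haddock, although `Proto` and `:-` beside them do, and the new names only hint that they match the destination port. `toIpTableArg` turns both into `--dport`, which iptables accepts only when a protocol match such as `-p tcp` is part of the same rule, so a `Rules` value built without `Proto` would presumably fail when applied. I would add `-- ^Destination port; combine with Proto TCP or UDP` after `| DPort Port`, and a matching line for `DPortRange` saying the pair is the first and last port of the range. The `data Rules` declaration lies wholly inside this hunk.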
