Firewall: add TCPFlag

(cherry picked from commit f16e0e4f632032c70adcb9ba9f108e87a6ae4321)
author: Félix Sipma <felix.sipma@no-log.org> 2016-02-29 18:03:12 +0100
committer: Joey Hess <joeyh@joeyh.name> 2016-03-02 15:36:57 -0400
commit: 140fb642e8ea3492313d3f41ef44930e1974b3f9 (patch)
tree: 6fd42deec69a4ad91b75fb9c440683e679914d27 /src
parent: 02edd1dca9b5554728201924a8ed786133b1c57d (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs
index 01664130..bf41cf20 100644
--- a/src/Propellor/Property/Firewall.hs
+++ b/src/Propellor/Property/Firewall.hs
@@ -70,6 +70,13 @@ toIpTableArg (RateLimit f) =
 	, "limit"
 	, "--limit", fromFrequency f
 	]
+toIpTableArg (TCPFlags m c) =
+	[ "-m"
+	, "tcp"
+	, "--tcp-flags"
+	, intercalate "," (map show m)
+	, intercalate "," (map show c)
+	]
 toIpTableArg (Source ipwm) =
 	[ "-s"
 	, intercalate "," (map fromIPWithMask ipwm)
@@ -189,6 +196,13 @@ data Frequency = NumBySecond Int
 fromFrequency :: Frequency -> String
 fromFrequency (NumBySecond n) = show n ++ "/second"
 
+type TCPFlagMask = [TCPFlag]
+
+type TCPFlagComp = [TCPFlag]
+
+data TCPFlag = SYN | ACK | FIN | RST | URG | PSH | ALL | NONE
+	deriving (Eq, Show)
+
 data Rules
 	= Everything
 	| Proto Proto
@@ -201,6 +215,7 @@ data Rules
 	| Ctstate [ ConnectionState ]
 	| ICMPType ICMPTypeMatch
 	| RateLimit Frequency
+	| TCPFlags TCPFlagMask TCPFlagComp
 	| Source [ IPWithMask ]
 	| Destination [ IPWithMask ]
 	| Rules :- Rules   -- ^Combine two rules
author	Félix Sipma <felix.sipma@no-log.org>	2016-02-29 18:03:12 +0100
committer	Joey Hess <joeyh@joeyh.name>	2016-03-02 15:36:57 -0400
commit	140fb642e8ea3492313d3f41ef44930e1974b3f9 (patch)
tree	6fd42deec69a4ad91b75fb9c440683e679914d27 /src
parent	02edd1dca9b5554728201924a8ed786133b1c57d (diff)