Firewall: add Source/Destination Rules

(cherry picked from commit 34ee25d51b502af8da81c7b0701ac02cf1f43c1e)
author: Félix Sipma <felix.sipma@no-log.org> 2016-02-04 12:42:11 +0100
committer: Joey Hess <joeyh@joeyh.name> 2016-02-25 17:19:44 -0400
commit: 39825733d28dc9ea59386073879ba0e754c42028 (patch)
tree: 772597d5a66e77cbb2dd2b133999e74d7140aa7e /src
parent: 69f35659e205e69a017ff2f3f39393ed4c403937 (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs
index a851f885..13db38df 100644
--- a/src/Propellor/Property/Firewall.hs
+++ b/src/Propellor/Property/Firewall.hs
@@ -54,8 +54,24 @@ toIpTableArg (Ctstate states) =
 	, "conntrack"
 	, "--ctstate", concat $ intersperse "," (map show states)
 	]
+toIpTableArg (Source ipwm) =
+	[ "-s"
+	, concat $ intersperse "," (map fromIPWithMask ipwm)
+	]
+toIpTableArg (Destination ipwm) =
+	[ "-d"
+	, concat $ intersperse "," (map fromIPWithMask ipwm)
+	]
 toIpTableArg (r :- r') = toIpTableArg r <> toIpTableArg r'
 
+data IPWithMask = IPWithNoMask IPAddr | IPWithIPMask IPAddr IPAddr | IPWithNumMask IPAddr Int
+	deriving (Eq, Show)
+
+fromIPWithMask :: IPWithMask -> String
+fromIPWithMask (IPWithNoMask ip) = fromIPAddr ip
+fromIPWithMask (IPWithIPMask ip ipm) = fromIPAddr ip ++ "/" ++ fromIPAddr ipm
+fromIPWithMask (IPWithNumMask ip m) = fromIPAddr ip ++ "/" ++ show m
+
 data Rule = Rule
 	{ ruleChain :: Chain
 	, ruleTarget :: Target
@@ -84,6 +100,8 @@ data Rules
 	| InIFace Network.Interface
 	| OutIFace Network.Interface
 	| Ctstate [ ConnectionState ]
+	| Source [ IPWithMask ]
+	| Destination [ IPWithMask ]
 	| Rules :- Rules   -- ^Combine two rules
 	deriving (Eq, Show)
author	Félix Sipma <felix.sipma@no-log.org>	2016-02-04 12:42:11 +0100
committer	Joey Hess <joeyh@joeyh.name>	2016-02-25 17:19:44 -0400
commit	39825733d28dc9ea59386073879ba0e754c42028 (patch)
tree	772597d5a66e77cbb2dd2b133999e74d7140aa7e /src
parent	69f35659e205e69a017ff2f3f39393ed4c403937 (diff)