| author | Félix Sipma <felix.sipma@no-log.org> | 2016-02-29 09:20:24 +0100 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2016-03-02 15:36:48 -0400 |
| commit | 60a7dfeb65b72e2ef26e071c007f9d11fe9aebc2 (patch) | |
| tree | 7530fcdf1f74dbae6ce6762d801853c6682a8e97 /src | |
| parent | 3abf0af94cd7cf4d0c0666a40deff43ca590a597 (diff) | |
Firewall: add ICMPTypeMatch
(cherry picked from commit 2214aca8f3ca92b9739b2884cb59274edad9170e)
Diffstat (limited to 'src')
| -rw-r--r-- | src/Propellor/Property/Firewall.hs | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs
index 62adf33a..05d70f45 100644
--- a/src/Propellor/Property/Firewall.hs
+++ b/src/Propellor/Property/Firewall.hs
@@ -11,6 +11,7 @@ module Propellor.Property.Firewall (
 Proto(..),
 Rules(..),
 ConnectionState(..),
+ ICMPTypeMatch(..),
 IPWithMask(..),
 fromIPWithMask
 ) where
@@ -58,6 +59,11 @@ toIpTableArg (Ctstate states) =
 , "conntrack"
 , "--ctstate", intercalate "," (map show states)
 ]
+toIpTableArg (ICMPType i) =
+ [ "-m"
+ , "icmp"
+ , "--icmp-type", fromICMPTypeMatch i
+ ]
 toIpTableArg (Source ipwm) =
 [ "-s"
 , intercalate "," (map fromIPWithMask ipwm)
@@ -164,6 +170,13 @@ data Proto = TCP | UDP | ICMP
 data ConnectionState = ESTABLISHED | RELATED | NEW | INVALID
 deriving (Eq, Show)

+data ICMPTypeMatch = ICMPTypeName String | ICMPTypeCode Int
+ deriving (Eq, Show)
+
+fromICMPTypeMatch :: ICMPTypeMatch -> String
+fromICMPTypeMatch (ICMPTypeName t) = t
+fromICMPTypeMatch (ICMPTypeCode c) = show c
+
 data Rules
 = Everything
 | Proto Proto
@@ -174,6 +187,7 @@ data Rules
 | InIFace Network.Interface
 | OutIFace Network.Interface
 | Ctstate [ ConnectionState ]
+ | ICMPType ICMPTypeMatch
 | Source [ IPWithMask ]
 | Destination [ IPWithMask ]
 | Rules :- Rules -- ^Combine two rules |
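Review bot: The new `toIpTableArg (ICMPType i)` equation emits `-m icmp --icmp-type …` with no protocol match, and nothing visible in this patch makes `ICMPType` imply `Proto ICMP`. As far as I know iptables accepts the icmp match only on a rule that also carries `-p icmp`, so a rule built from `ICMPType` alone would presumably be rejected when it is applied and the intended filter would never be installed. I would state the requirement on the constructor added in the last hunk, where users will see it: `| ICMPType ICMPTypeMatch -- ^Match an ICMP type; combine with @Proto ICMP@`. `toIpTableArg` has further equations outside this hunk, so I cannot tell whether another one already supplies the protocol.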
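Review bot: `fromICMPTypeMatch` passes the `ICMPTypeName` string to iptables unchanged and renders `ICMPTypeCode` with `show` without a range check, so a misspelt name or a number outside 0–255 is only caught when iptables rejects the rule on the host. For a firewall property that means a rule silently missing until someone reads the failure, so I would rather reject bad values when the rule is built, for instance through a smart constructor that checks the range and refuses empty names or names containing whitespace. The name `ICMPTypeCode` also reads like the ICMP code field, while the value is used as the type number for `--icmp-type`. A Haddock comment would settle that: `-- | ICMP type to match: an iptables type name (listed by @iptables -p icmp -h@) or a type number, 0-255.`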
