3 lass.iptables: check if target is valid

lassulus 2015-07-18 13:55:56 +02:00
parent 7f30f58a3e
commit 06a9695756


@ -114,20 +114,18 @@ let
"" ""
else else
concatMapStringsSep "\n" (rule: "\n-A ${cn} ${rule}") ([] concatMapStringsSep "\n" (rule: "\n-A ${cn} ${rule}") ([]
++ map buildRule ts."${tn}"."${cn}".rules ++ map (buildRule tn cn) ts."${tn}"."${cn}".rules
) )
else else
"" ""
; ;
buildRule = rule: buildRule = tn: cn: rule:
#TODO implement rule validation-test here #target validation test:
# assert (elemIsIn rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ ts."${tn}"."${cn}"));
#target:
#target needs to be an existing chain (in the same table) or ACCEPT, REJECT, DROP, LOG, QUEUE, RETURN
#predicate: #predicate validation test:
#maybe use iptables-test #maybe use iptables-test
#TODO: howto exit with evaluation error by shellscript? #TODO: howto exit with evaluation error by shellscript?
#apperantly not possible from nix because evalatution wouldn't be deterministic. #apperantly not possible from nix because evalatution wouldn't be deterministic.