|
Packit Service |
a2ae7a |
module Lokkit =
|
|
Packit Service |
a2ae7a |
autoload xfm
|
|
Packit Service |
a2ae7a |
|
|
Packit Service |
a2ae7a |
(* Module: Lokkit
|
|
Packit Service |
a2ae7a |
Parse the config file for lokkit from system-config-firewall
|
|
Packit Service |
a2ae7a |
*)
|
|
Packit Service |
a2ae7a |
|
|
Packit Service |
a2ae7a |
let comment = Util.comment
|
|
Packit Service |
a2ae7a |
let empty = Util.empty
|
|
Packit Service |
a2ae7a |
let eol = Util.eol
|
|
Packit Service |
a2ae7a |
let spc = Util.del_ws_spc
|
|
Packit Service |
a2ae7a |
let dels = Util.del_str
|
|
Packit Service |
a2ae7a |
|
|
Packit Service |
a2ae7a |
let eq = del /[ \t=]+/ "="
|
|
Packit Service |
a2ae7a |
let token = store /[a-zA-Z0-9][a-zA-Z0-9-]*/
|
|
Packit Service |
a2ae7a |
|
|
Packit Service |
a2ae7a |
let long_opt (n:regexp) =
|
|
Packit Service |
a2ae7a |
[ dels "--" . key n . eq . token . eol ]
|
|
Packit Service |
a2ae7a |
|
|
Packit Service |
a2ae7a |
let flag (n:regexp) =
|
|
Packit Service |
a2ae7a |
[ dels "--" . key n . eol ]
|
|
Packit Service |
a2ae7a |
|
|
Packit Service |
a2ae7a |
let option (l:string) (s:string) =
|
|
Packit Service |
a2ae7a |
del ("--" . l | "-" . s) ("--" . l) . label l . eq
|
|
Packit Service |
a2ae7a |
|
|
Packit Service |
a2ae7a |
let opt (l:string) (s:string) =
|
|
Packit Service |
a2ae7a |
[ option l s . token . eol ]
|
|
Packit Service |
a2ae7a |
|
|
Packit Service |
a2ae7a |
(* trust directive
|
|
Packit Service |
a2ae7a |
-t <interface>, --trust=<interface>
|
|
Packit Service |
a2ae7a |
*)
|
|
Packit Service |
a2ae7a |
let trust =
|
|
Packit Service |
a2ae7a |
[ option "trust" "t" . store Rx.device_name . eol ]
|
|
Packit Service |
a2ae7a |
|
|
Packit Service |
a2ae7a |
(* port directive
|
|
Packit Service |
a2ae7a |
-p <port>[-<port>]:<protocol>, --port=<port>[-<port>]:<protocol>
|
|
Packit Service |
a2ae7a |
*)
|
|
Packit Service |
a2ae7a |
let port =
|
|
Packit Service |
a2ae7a |
let portnum = store /[0-9]+/ in
|
|
Packit Service |
a2ae7a |
[ option "port" "p" .
|
|
Packit Service |
a2ae7a |
[ label "start" . portnum ] .
|
|
Packit Service |
a2ae7a |
(dels "-" . [ label "end" . portnum])? .
|
|
Packit Service |
a2ae7a |
dels ":" . [ label "protocol" . token ] . eol ]
|
|
Packit Service |
a2ae7a |
|
|
Packit Service |
a2ae7a |
(* custom_rules directive
|
|
Packit Service |
a2ae7a |
--custom-rules=[<type>:][:]<filename>
|
|
Packit Service |
a2ae7a |
*)
|
|
Packit Service |
a2ae7a |
let custom_rules =
|
|
Packit Service |
a2ae7a |
let types = store /ipv4|ipv6/ in
|
|
Packit Service |
a2ae7a |
let tables = store /mangle|nat|filter/ in
|
|
Packit Service |
a2ae7a |
let filename = store /[^ \t\n:=][^ \t\n:]*/ in
|
|
Packit Service |
a2ae7a |
[ dels "--custom-rules" . label "custom-rules" . eq .
|
|
Packit Service |
a2ae7a |
[ label "type" . types . dels ":" ]? .
|
|
Packit Service |
a2ae7a |
[ label "table" . tables . dels ":"]? .
|
|
Packit Service |
a2ae7a |
filename . eol ]
|
|
Packit Service |
a2ae7a |
|
|
Packit Service |
a2ae7a |
(* forward_port directive
|
|
Packit Service |
a2ae7a |
--forward-port=if=<interface>:port=<port>:proto=<protocol>[:toport=<destination port>][:toaddr=<destination address>]
|
|
Packit Service |
a2ae7a |
*)
|
|
Packit Service |
a2ae7a |
let forward_port =
|
|
Packit Service |
a2ae7a |
let elem (n:string) (v:lens) =
|
|
Packit Service |
a2ae7a |
[ key n . eq . v ] in
|
|
Packit Service |
a2ae7a |
let ipaddr = store /[0-9.]+/ in
|
|
Packit Service |
a2ae7a |
let colon = dels ":" in
|
|
Packit Service |
a2ae7a |
[ dels "--forward-port" . label "forward-port" . eq .
|
|
Packit Service |
a2ae7a |
elem "if" token . colon .
|
|
Packit Service |
a2ae7a |
elem "port" token . colon .
|
|
Packit Service |
a2ae7a |
elem "proto" token .
|
|
Packit Service |
a2ae7a |
(colon . elem "toport" token)? .
|
|
Packit Service |
a2ae7a |
(colon . elem "toaddr" ipaddr)? . eol ]
|
|
Packit Service |
a2ae7a |
|
|
Packit Service |
a2ae7a |
let entry =
|
|
Packit Service |
a2ae7a |
long_opt /selinux|selinuxtype|addmodule|removemodule|block-icmp/
|
|
Packit Service |
a2ae7a |
|flag /enabled|disabled/
|
|
Packit Service |
a2ae7a |
|opt "service" "s"
|
|
Packit Service |
a2ae7a |
|port
|
|
Packit Service |
a2ae7a |
|trust
|
|
Packit Service |
a2ae7a |
|opt "masq" "m"
|
|
Packit Service |
a2ae7a |
|custom_rules
|
|
Packit Service |
a2ae7a |
|forward_port
|
|
Packit Service |
a2ae7a |
|
|
Packit Service |
a2ae7a |
let lns = (comment|empty|entry)*
|
|
Packit Service |
a2ae7a |
|
|
Packit Service |
a2ae7a |
let xfm = transform lns (incl "/etc/sysconfig/system-config-firewall")
|