author | lassulus <lass@aidsballs.de> | 2015-07-18 13:55:56 +0200 |
committer | lassulus <lass@aidsballs.de> | 2015-07-18 14:11:11 +0200 |
commit | 2cafcac340903fa40ae6f455e3f5a72f0ab023dc (patch) | |
tree | 96e5bb07124cfaa8d180f7ba6a44dff4d3f3dc0c /3modules/lass | |
parent | 2840f0e74dc51785420239efb90f3ec3ca8a23c6 (diff) |
3 lass.iptables: check if target is valid
Diffstat (limited to '3modules/lass')
-rw-r--r-- | 3modules/lass/iptables.nix | 12 |
1 files changed, 5 insertions, 7 deletions
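diff --git a/3modules/lass/iptables.nix b/3modules/lass/iptables.nix
index ba05abe..5205882 100644
--- a/3modules/lass/iptables.nix
+++ b/3modules/lass/iptables.nix
@@ -114,20 +114,18 @@ let
 ""
 else concatMapStringsSep "\n" (rule: "\n-A ${cn} ${rule}") ([]
- ++ map buildRule ts."${tn}"."${cn}".rules
+ ++ map (buildRule tn cn) ts."${tn}"."${cn}".rules
 )
 else ""
 ;
- buildRule = rule:
- #TODO implement rule validation-test here
- #
- #target:
- #target needs to be an existing chain (in the same table) or ACCEPT, REJECT, DROP, LOG, QUEUE, RETURN
+ buildRule = tn: cn: rule:
+ #target validation test:
+ assert (elemIsIn rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ ts."${tn}"."${cn}"));
- #predicate:
+ #predicate validation test:
 #maybe use iptables-test
 #TODO: howto exit with evaluation error by shellscript?
 #apperantly not possible from nix because evalatution wouldn't be deterministic.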
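Review bot: The new assert in buildRule appends `ts."${tn}"."${cn}"` to the list of built-in targets, but the hunk's own `ts."${tn}"."${cn}".rules` access shows that value is the chain's attribute set, not a list of chain names, so `++` on it will fail evaluation instead of implementing the "existing chain in the same table" check the removed comment described. The table's chain names are `attrNames ts."${tn}"`, so the line should read `assert (elemIsIn rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ attrNames ts."${tn}"));`. The fixed list also leaves out extension targets such as MASQUERADE, DNAT, SNAT and REDIRECT, so any nat-table rule using them would now be rejected; either extend the list or add a comment stating that only filter-style targets are accepted. elemIsIn is not a nixpkgs lib name and is not defined in this hunk, so its definition (presumably a local helper) and the rest of buildRule's body after the assert lie outside the hunk.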