diff options
author | lassulus <lass@aidsballs.de> | 2015-07-18 14:30:29 +0200 |
---|---|---|
committer | lassulus <lass@aidsballs.de> | 2015-07-18 14:30:29 +0200 |
commit | 60b2c8d900d9cd6c85e24c70029f6df971785589 (patch) | |
tree | 41f21d97f5207affa4c01bc3cd96799bbbca4d57 | |
parent | c3bc0ca4ec9ad2467653f1ab232b062a8bc7f8e5 (diff) |
3 lass.iptables sort rules instead of tables
-rw-r--r-- | 3modules/lass/iptables.nix | 29 |
1 files changed, 15 insertions, 14 deletions
diff --git a/3modules/lass/iptables.nix b/3modules/lass/iptables.nix index 5205882..b78879d 100644 --- a/3modules/lass/iptables.nix +++ b/3modules/lass/iptables.nix @@ -99,26 +99,27 @@ let #todo: differentiate by iptables-version buildTables = v: ts: let - sortedTable = sort (a: b: a.precedence < b.precedence) ts; declareChain = t: cn: #TODO: find out what to do whit these count numbers ":${cn} ${t."${cn}".policy} [0:0]"; buildChain = tn: cn: - #"${concatStringsSep " " ((attrNames t."${cn}") ++ [cn])}"; - - #TODO: double check should be unneccessary, refactor! - if (hasAttr "rules" ts."${tn}"."${cn}") then - if (ts."${tn}"."${cn}".rules == null) then - "" + let + sortedRules = sort (a: b: a.precedence < b.precedence) ts."${tn}"."${cn}".rules; + + in + #TODO: double check should be unneccessary, refactor! + if (hasAttr "rules" ts."${tn}"."${cn}") then + if (ts."${tn}"."${cn}".rules == null) then + "" + else + concatMapStringsSep "\n" (rule: "\n-A ${cn} ${rule}") ([] + ++ map (buildRule tn cn) sortedRules + ) else - concatMapStringsSep "\n" (rule: "\n-A ${cn} ${rule}") ([] - ++ map (buildRule tn cn) ts."${tn}"."${cn}".rules - ) - else - "" - ; + "" + ; buildRule = tn: cn: rule: @@ -143,7 +144,7 @@ let "\nCOMMIT"; in concatStringsSep "\n" ([] - ++ map buildTable (attrNames sortedTable) + ++ map buildTable (attrNames ts) ); #===== |