diff options
author | lassulus <lass@aidsballs.de> | 2015-07-18 13:55:17 +0200 |
---|---|---|
committer | lassulus <lass@aidsballs.de> | 2015-07-18 14:11:11 +0200 |
commit | 7f30f58a3e2f5e9a7333fa1f5be9c998c6ad098a (patch) | |
tree | 66d4151c598cebab39f1f333e0f92f55685dea6a /3modules/lass/iptables.nix | |
parent | e478f140e0e704f9985db039eb178be13af63abb (diff) |
3 lass.iptables: sort rules by precedence
Diffstat (limited to '3modules/lass/iptables.nix')
-rw-r--r-- | 3modules/lass/iptables.nix | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/3modules/lass/iptables.nix b/3modules/lass/iptables.nix index 1cd6d3f8e..ba05abeb2 100644 --- a/3modules/lass/iptables.nix +++ b/3modules/lass/iptables.nix @@ -95,10 +95,12 @@ let }; }; - #buildTable :: iptablesAttrSet` -> str + #buildTable :: iptablesVersion -> iptablesAttrSet` -> str #todo: differentiate by iptables-version - buildTables = iptv: ts: + buildTables = v: ts: let + sortedTable = sort (a: b: a.precedence < b.precedence) ts; + declareChain = t: cn: #TODO: find out what to do whit these count numbers ":${cn} ${t."${cn}".policy} [0:0]"; @@ -106,7 +108,6 @@ let buildChain = tn: cn: #"${concatStringsSep " " ((attrNames t."${cn}") ++ [cn])}"; - #TODO: sort by precedence #TODO: double check should be unneccessary, refactor! if (hasAttr "rules" ts."${tn}"."${cn}") then if (ts."${tn}"."${cn}".rules == null) then @@ -144,7 +145,7 @@ let "\nCOMMIT"; in concatStringsSep "\n" ([] - ++ map buildTable (attrNames ts) + ++ map buildTable (attrNames sortedTable) ); #===== |