authorlassulus <lass@aidsballs.de>2015-07-18 14:30:29 +0200
committerlassulus <lass@aidsballs.de>2015-07-18 14:30:29 +0200
commit83901e1e475f6bcb6aca0aefbcbebde62339b481 (patch)
tree41f21d97f5207affa4c01bc3cd96799bbbca4d57 /3modules/lass/iptables.nix
parent5637a9634b0a7e0b3a7379ee0b7f461b55cc91e4 (diff)
3 lass.iptables sort rules instead of tables
Diffstat (limited to '3modules/lass/iptables.nix')
-rw-r--r--3modules/lass/iptables.nix29
1 files changed, 15 insertions, 14 deletions
diff --git a/3modules/lass/iptables.nix b/3modules/lass/iptables.nix
index 52058821c..b78879d2c 100644
--- a/3modules/lass/iptables.nix
+++ b/3modules/lass/iptables.nix
@@ -99,26 +99,27 @@ let
#todo: differentiate by iptables-version
buildTables = v: ts:
let
- sortedTable = sort (a: b: a.precedence < b.precedence) ts;
declareChain = t: cn:
#TODO: find out what to do whit these count numbers
":${cn} ${t."${cn}".policy} [0:0]";
buildChain = tn: cn:
- #"${concatStringsSep " " ((attrNames t."${cn}") ++ [cn])}";
-
- #TODO: double check should be unneccessary, refactor!
- if (hasAttr "rules" ts."${tn}"."${cn}") then
- if (ts."${tn}"."${cn}".rules == null) then
- ""
+ let
+ sortedRules = sort (a: b: a.precedence < b.precedence) ts."${tn}"."${cn}".rules;
+
+ in
+ #TODO: double check should be unneccessary, refactor!
+ if (hasAttr "rules" ts."${tn}"."${cn}") then
+ if (ts."${tn}"."${cn}".rules == null) then
+ ""
+ else
+ concatMapStringsSep "\n" (rule: "\n-A ${cn} ${rule}") ([]
+ ++ map (buildRule tn cn) sortedRules
+ )
else
- concatMapStringsSep "\n" (rule: "\n-A ${cn} ${rule}") ([]
- ++ map (buildRule tn cn) ts."${tn}"."${cn}".rules
- )
- else
- ""
- ;
+ ""
+ ;
buildRule = tn: cn: rule:
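Review bot: The comparator in `sortedRules` sorts ascending, so the rule with the lowest `precedence` value is emitted first in the chain and, because iptables walks a chain top to bottom, is the one that matches first; if a higher number is meant to win, the comparison is inverted. Either way the direction deserves a comment above the binding, for example `# lower precedence value = earlier in the chain = matched first`. Rules with equal precedence keep their declared order only if `sort` is stable, which this hunk does not show, so the relative order of an accept and a drop rule at the same precedence should be confirmed before it is relied on. The `let` binding reads `.rules` ahead of the `hasAttr` and null checks, which is safe only because Nix evaluates it lazily in the final `else` branch; a one-line comment saying so would protect the refactor the TODO announces. `buildTables` continues past the end of this hunk.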
@@ -143,7 +144,7 @@ let
"\nCOMMIT";
in
concatStringsSep "\n" ([]
- ++ map buildTable (attrNames sortedTable)
+ ++ map buildTable (attrNames ts)
);
#=====