authorlassulus <lass@aidsballs.de>2015-07-18 13:55:56 +0200
committerlassulus <lass@aidsballs.de>2015-07-18 14:11:11 +0200
commit06a969575684ee21179a7d5730bbed2d65c38173 (patch)
tree96e5bb07124cfaa8d180f7ba6a44dff4d3f3dc0c
parent7f30f58a3e2f5e9a7333fa1f5be9c998c6ad098a (diff)
3 lass.iptables: check if target is valid
-rw-r--r--3modules/lass/iptables.nix12
1 files changed, 5 insertions, 7 deletions
diff --git a/3modules/lass/iptables.nix b/3modules/lass/iptables.nix
index ba05abeb2..52058821c 100644
--- a/3modules/lass/iptables.nix
+++ b/3modules/lass/iptables.nix
@@ -114,20 +114,18 @@ let
""
else
concatMapStringsSep "\n" (rule: "\n-A ${cn} ${rule}") ([]
- ++ map buildRule ts."${tn}"."${cn}".rules
+ ++ map (buildRule tn cn) ts."${tn}"."${cn}".rules
)
else
""
;
- buildRule = rule:
- #TODO implement rule validation-test here
- #
- #target:
- #target needs to be an existing chain (in the same table) or ACCEPT, REJECT, DROP, LOG, QUEUE, RETURN
+ buildRule = tn: cn: rule:
+ #target validation test:
+ assert (elemIsIn rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ ts."${tn}"."${cn}"));
- #predicate:
+ #predicate validation test:
#maybe use iptables-test
#TODO: howto exit with evaluation error by shellscript?
#apperantly not possible from nix because evalatution wouldn't be deterministic.