[augeas-devel] [PATCH] Lokkit: new lens and test
David Lutterkort
lutter at redhat.com
Thu Mar 19 01:52:35 UTC 2009
---
doc/naturaldocs/conf/lenses/Menu.txt | 1 +
lenses/lokkit.aug | 78 +++++++++++++++++++++++++++++++++
lenses/tests/test_lokkit.aug | 79 ++++++++++++++++++++++++++++++++++
3 files changed, 158 insertions(+), 0 deletions(-)
create mode 100644 lenses/lokkit.aug
create mode 100644 lenses/tests/test_lokkit.aug
diff --git a/doc/naturaldocs/conf/lenses/Menu.txt b/doc/naturaldocs/conf/lenses/Menu.txt
index 5d71e72..2a95e38 100644
--- a/doc/naturaldocs/conf/lenses/Menu.txt
+++ b/doc/naturaldocs/conf/lenses/Menu.txt
@@ -56,6 +56,7 @@ Group: Specific Modules {
File: Dpkg (dpkg.aug)
File: Exports (exports.aug)
File: Iptables (iptables.aug)
+ File: Lokkit (lokkit.aug)
File: Modprobe (modprobe.aug)
File: Services (services.aug)
File: Sshd (sshd.aug)
diff --git a/lenses/lokkit.aug b/lenses/lokkit.aug
new file mode 100644
index 0000000..1d23c3c
--- /dev/null
+++ b/lenses/lokkit.aug
@@ -0,0 +1,78 @@
+module Lokkit =
+ autoload xfm
+
+(* Module: Lokkit
+ Parse the config file for lokkit from system-config-firewall
+*)
+
+let comment = Util.comment
+let empty = Util.empty
+let eol = Util.eol
+let spc = Util.del_ws_spc
+let dels = Util.del_str
+
+let eq = del /[ \t=]+/ "="
+let token = store /[a-zA-Z0-9]+/
+
+let long_opt (n:regexp) =
+ [ dels "--" . key n . eq . token . eol ]
+
+let flag (n:regexp) =
+ [ dels "--" . key n . eol ]
+
+let option (l:string) (s:string) =
+ del ("--" . l | "-" . s) ("--" . l) . label l . eq
+
+let opt (l:string) (s:string) =
+ [ option l s . token . eol ]
+
+(* port directive
+ -p <port>[-<port>]:<protocol>, --port=<port>[-<port>]:<protocol>
+*)
+let port =
+ let portnum = store /[0-9]+/ in
+ [ option "port" "p" .
+ [ label "start" . portnum ] .
+ (dels "-" . [ label "end" . portnum])? .
+ dels ":" . [ label "protocol" . token ] . eol ]
+
+(* custom_rules directive
+ --custom-rules=[<type>:][<table>:]<filename>
+*)
+let custom_rules =
+ let types = store /ipv4|ipv6/ in
+ let tables = store /mangle|nat|filter/ in
+ let filename = store /[^ \t\n:=][^ \t\n:]*/ in
+ [ dels "--custom-rules" . label "custom-rules" . eq .
+ [ label "type" . types . dels ":" ]? .
+ [ label "table" . tables . dels ":"]? .
+ filename . eol ]
+
+(* forward_port directive
+ --forward-port=if=<interface>:port=<port>:proto=<protocol>[:toport=<destination port>][:toaddr=<destination address>]
+*)
+let forward_port =
+ let elem (n:string) (v:lens) =
+ [ key n . eq . v ] in
+ let ipaddr = store /[0-9.]+/ in
+ let colon = dels ":" in
+ [ dels "--forward-port" . label "forward-port" . eq .
+ elem "if" token . colon .
+ elem "port" token . colon .
+ elem "proto" token .
+ (colon . elem "toport" token)? .
+ (colon . elem "toaddr" ipaddr)? ]
+
+let entry =
+ long_opt /selinux|selinuxtype|addmodule|removemodule|block-icmp/
+ |flag /enabled|disabled/
+ |opt "service" "s"
+ |port
+ |opt "trust" "t"
+ |opt "masq" "m"
+ |custom_rules
+ |forward_port
+
+let lns = (comment|empty|entry)*
+
+let xfm = transform lns (incl "/etc/sysconfig/system-config-firewall")
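Review bot: `forward_port` is the only entry that does not end in `. eol`, so the newline after a `--forward-port` line is parsed as a separate `empty` node; the last line of that lens should read `(colon . elem "toaddr" ipaddr)? . eol ]`. The expected tree in lenses/tests/test_lokkit.aug shows the effect as the extra `{ }` between `forward-port` and `selinux`, which would have to be removed with the fix. As written, a `forward-port` node added to the tree without a following empty node would presumably be written with no line terminator and run into the next option, which matters in a file that defines firewall rules. Separately, `ipaddr` as `/[0-9.]+/` and `token` for the `port`/`toport` values accept strings that are not addresses or port numbers; tightening them is optional, but it would make the lens reject malformed entries instead of passing them through.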
diff --git a/lenses/tests/test_lokkit.aug b/lenses/tests/test_lokkit.aug
new file mode 100644
index 0000000..1c1a70f
--- /dev/null
+++ b/lenses/tests/test_lokkit.aug
@@ -0,0 +1,79 @@
+module Test_lokkit =
+
+let conf = "# Configuration file for system-config-firewall
+
+--enabled
+--port=111:tcp
+-p 111:udp
+-p 2020-2049:tcp
+--port=5900-5910:tcp
+--custom-rules=ipv4:filter:/var/lib/misc/iptables-forward-bridged
+-s dns
+--service=ssh
+--trust=trust1
+--masq=eth42
+--block-icmp=5
+-t trust0
+--addmodule=fancy
+--removemodule=broken
+--forward-port=if=forw0:port=42:proto=tcp:toport=42:toaddr=192.168.0.42
+--selinux=permissive
+"
+
+test Lokkit.lns get conf =
+ { "#comment" = "Configuration file for system-config-firewall" }
+ { }
+ { "enabled" }
+ { "port"
+ { "start" = "111" }
+ { "protocol" = "tcp" } }
+ { "port"
+ { "start" = "111" }
+ { "protocol" = "udp" } }
+ { "port"
+ { "start" = "2020" }
+ { "end" = "2049" }
+ { "protocol" = "tcp" } }
+ { "port"
+ { "start" = "5900" }
+ { "end" = "5910" }
+ { "protocol" = "tcp" } }
+ { "custom-rules" = "/var/lib/misc/iptables-forward-bridged"
+ { "type" = "ipv4" }
+ { "table" = "filter" } }
+ { "service" = "dns" }
+ { "service" = "ssh" }
+ { "trust" = "trust1" }
+ { "masq" = "eth42" }
+ { "block-icmp" = "5" }
+ { "trust" = "trust0" }
+ { "addmodule" = "fancy" }
+ { "removemodule" = "broken" }
+ { "forward-port"
+ { "if" = "forw0" }
+ { "port" = "42" }
+ { "proto" = "tcp" }
+ { "toport" = "42" }
+ { "toaddr" = "192.168.0.42" } }
+ { }
+ { "selinux" = "permissive" }
+
+test Lokkit.custom_rules get
+"--custom-rules=ipv4:filter:/some/file\n" =
+ { "custom-rules" = "/some/file"
+ { "type" = "ipv4" }
+ { "table" = "filter" } }
+
+test Lokkit.custom_rules get
+"--custom-rules=filter:/some/file\n" =
+ { "custom-rules" = "/some/file"
+ { "table" = "filter" } }
+
+test Lokkit.custom_rules get
+"--custom-rules=ipv4:/some/file\n" =
+ { "custom-rules" = "/some/file"
+ { "type" = "ipv4" } }
+
+test Lokkit.custom_rules get
+"--custom-rules=/some/file\n" =
+ { "custom-rules" = "/some/file" }
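Review bot: Only `custom_rules` gets per-lens tests and every test is a `get`; `forward_port` is exercised only in its full form through `conf`, so its optional `toport` and `toaddr` parts are never tested as absent. A standalone `test Lokkit.forward_port get "--forward-port=if=forw0:port=42:proto=tcp\n" = ...` would cover the short form and also pin down line termination for that entry. Since the lens is meant for editing a firewall configuration, I would add at least one `put` test and one rejection case such as `test Lokkit.custom_rules get "--custom-rules=ipv5:/some/file\n" = *`.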
--
1.6.0.6