module Lokkit =
  autoload xfm

(* Module: Lokkit
   Parses the config file for lokkit from system-config-firewall.

   Every line of the file is one command-line style option. The lens is
   purely syntactic: it splits each option into tree nodes and does not
   check that the values make sense (port numbers in range, well-formed
   addresses, and so on). A tool that edits firewall settings through
   this tree has to validate the values itself before saving.
*)

(* Primitives borrowed from Util *)
let comment = Util.comment
let empty   = Util.empty
let eol     = Util.eol
(* spc is not referenced by any lens in this file *)
let spc     = Util.del_ws_spc
let dels    = Util.del_str

(* Separator between an option name and its value: any run of spaces,
   tabs and equals signs. A newly created entry gets a single equals
   sign. *)
let eq = del /[ \t=]+/ "="

(* Generic option value: ASCII letters, digits and hyphens, the first
   character being a letter or a digit. *)
let token = store /[a-zA-Z0-9][a-zA-Z0-9-]*/

(* A long option with a value; the option name, matched by n, becomes
   the node key and the token its value. *)
let long_opt (n:regexp) =
  let name = dels "--" . key n in
  [ name . eq . token . eol ]

(* A long option without a value; the option name, matched by n,
   becomes the node key. *)
let flag (n:regexp) =
  let name = dels "--" . key n in
  [ name . eol ]

(* Head of an option that has a long form l and a short form s.
   Either spelling is accepted on input and the node is always labelled
   l; a newly created entry is written in the long form. *)
let option (l:string) (s:string) =
  let long = "--" . l in
  del (long | "-" . s) long . label l . eq

(* A long-or-short option whose value is a plain token. *)
let opt (l:string) (s:string) =
  let head = option l s in
  [ head . token . eol ]

(* trust directive
   -t <interface>, --trust=<interface>

   The interface name is whatever Rx.device_name matches; that regexp is
   defined outside this file.
*)
let trust =
  let iface = store Rx.device_name in
  [ option "trust" "t" . iface . eol ]

(* port directive
   -p <port>[-<port>]:<protocol>, --port=<port>[-<port>]:<protocol>

   Ports are stored as digit strings of any length. Neither the valid
   port range nor the order of the two ends of a range is checked here.
*)
let port =
  let number   = store /[0-9]+/ in
  let first    = [ label "start" . number ] in
  let last     = (dels "-" . [ label "end" . number ])? in
  let protocol = [ label "protocol" . token ] in
  [ option "port" "p" . first . last . dels ":" . protocol . eol ]

(* custom_rules directive
   --custom-rules=[<type>:][<table>:]<filename>

   The file name is stored as the value of the custom-rules node. It may
   hold any character except space, tab, newline and colon, and may not
   start with an equals sign, so the lens puts no restriction on where
   the path points.
*)
let custom_rules =
  let family = [ label "type" . store /ipv4|ipv6/ . dels ":" ]? in
  let table  = [ label "table" . store /mangle|nat|filter/ . dels ":" ]? in
  let file   = store /[^ \t\n:=][^ \t\n:]*/ in
  [ dels "--custom-rules" . label "custom-rules" . eq .
    family . table . file . eol ]

(* forward_port directive
   --forward-port=if=<interface>:port=<port>:proto=<protocol>[:toport=<destination port>][:toaddr=<destination address>]

   if, port, proto and toport are plain tokens, so the two port fields
   are not limited to digits. toaddr accepts any run of digits and dots:
   it is not checked to be a well-formed IPv4 address, and an address
   written with other characters does not match.
*)
let forward_port =
  let field (name:string) (body:lens) = [ key name . eq . body ] in
  let sep     = dels ":" in
  let address = store /[0-9.]+/ in
  let toport  = (sep . field "toport" token)? in
  let toaddr  = (sep . field "toaddr" address)? in
  [ dels "--forward-port" . label "forward-port" . eq .
    field "if" token . sep .
    field "port" token . sep .
    field "proto" token .
    toport . toaddr . eol ]

(* Any single option line understood by the lens. *)
let entry =
    long_opt /selinux|selinuxtype|addmodule|removemodule|block-icmp/
  | flag /enabled|disabled/
  | opt "service" "s"
  | port
  | trust
  | opt "masq" "m"
  | custom_rules
  | forward_port

(* The whole file: comments, empty lines and option lines in any order. *)
let lns = (comment|empty|entry)*

(* Apply the lens to the system-config-firewall file. *)
let xfm = transform lns (incl "/etc/sysconfig/system-config-firewall")