3 lass.iptables: check if target is valid

2015-07-18 13:55:56 +02:00 · 2015-07-18 13:55:56 +02:00 · 06a9695756
parent 7f30f58a3e
commit 06a9695756
1 changed files with 5 additions and 7 deletions
--- a/3modules/lass/iptables.nix
+++ b/3modules/lass/iptables.nix
@ -114,20 +114,18 @@ let
            ""
          else
            concatMapStringsSep "\n" (rule: "\n-A ${cn} ${rule}") ([]
-              ++ map buildRule ts."${tn}"."${cn}".rules
+              ++ map (buildRule tn cn) ts."${tn}"."${cn}".rules
            )
        else
          ""
        ;


-      buildRule = rule:
-        #TODO implement rule validation-test here
-        #
-        #target:
-        #target needs to be an existing chain (in the same table) or ACCEPT, REJECT, DROP, LOG, QUEUE, RETURN
+      buildRule = tn: cn: rule:
+        #target validation test:
+        assert (elemIsIn rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ ts."${tn}"."${cn}"));

-        #predicate:
+        #predicate validation test:
        #maybe use iptables-test
        #TODO: howto exit with evaluation error by shellscript?
          #apperantly not possible from nix because evalatution wouldn't be deterministic.