authorlassulus <lass@aidsballs.de>2015-07-18 13:55:17 +0200
committerlassulus <lass@aidsballs.de>2015-07-18 14:11:11 +0200
commit7f30f58a3e2f5e9a7333fa1f5be9c998c6ad098a (patch)
tree66d4151c598cebab39f1f333e0f92f55685dea6a /3modules/lass/iptables.nix
parente478f140e0e704f9985db039eb178be13af63abb (diff)
3 lass.iptables: sort rules by precedence
Diffstat (limited to '3modules/lass/iptables.nix')
-rw-r--r--3modules/lass/iptables.nix9
1 files changed, 5 insertions, 4 deletions
diff --git a/3modules/lass/iptables.nix b/3modules/lass/iptables.nix
index 1cd6d3f8e..ba05abeb2 100644
--- a/3modules/lass/iptables.nix
+++ b/3modules/lass/iptables.nix
@@ -95,10 +95,12 @@ let
};
};
- #buildTable :: iptablesAttrSet` -> str
+ #buildTable :: iptablesVersion -> iptablesAttrSet` -> str
#todo: differentiate by iptables-version
- buildTables = iptv: ts:
+ buildTables = v: ts:
let
+ sortedTable = sort (a: b: a.precedence < b.precedence) ts;
+
declareChain = t: cn:
#TODO: find out what to do whit these count numbers
":${cn} ${t."${cn}".policy} [0:0]";
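Review bot: `sortedTable = sort (a: b: a.precedence < b.precedence) ts;` sorts the wrong value: `ts` is used as an attribute set of tables (`ts."${tn}"."${cn}"` in buildChain, `attrNames ts` before this change), whereas `sort` takes a list and `precedence` presumably belongs to individual rules, so this likely fails at evaluation. Even if it returned a usable value, the third hunk's `map buildTable (attrNames sortedTable)` could not carry an order, because `attrNames` returns names alphabetically. The second hunk removes `#TODO: sort by precedence` from buildChain, yet its visible lines still read `ts."${tn}"."${cn}".rules` unsorted; buildChain's body continues outside the hunk, so this should be confirmed there. Since netfilter applies the first matching rule, emission order decides what is accepted or dropped, so the sort belongs on the rules list inside buildChain, e.g. `sort (a: b: a.precedence < b.precedence) ts."${tn}"."${cn}".rules`, with a comment stating whether lower or higher precedence is emitted first.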
@@ -106,7 +108,6 @@ let
buildChain = tn: cn:
#"${concatStringsSep " " ((attrNames t."${cn}") ++ [cn])}";
- #TODO: sort by precedence
#TODO: double check should be unneccessary, refactor!
if (hasAttr "rules" ts."${tn}"."${cn}") then
if (ts."${tn}"."${cn}".rules == null) then
@@ -144,7 +145,7 @@ let
"\nCOMMIT";
in
concatStringsSep "\n" ([]
- ++ map buildTable (attrNames ts)
+ ++ map buildTable (attrNames sortedTable)
);
#=====