[augeas-devel] [PATCH 4/4] Allow blank and comment lines throughout config file in iptables

Bill Pemberton wfp5p at virginia.edu
Fri Mar 25 12:52:45 UTC 2011 

---
 lenses/iptables.aug            |   13 ++++++++-----
 lenses/tests/test_iptables.aug |   12 +++++++++++-
 2 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/lenses/iptables.aug b/lenses/iptables.aug
index 8a4a9b7..891d57e 100644
--- a/lenses/iptables.aug
+++ b/lenses/iptables.aug
@@ -58,15 +58,18 @@ let ipt_match =
     |param "match" "m"
     |any_param)*
 
-let add_rule =
-  let chain_action (n:string) (o:string) =
+let chain_action (n:string) (o:string) =
     [ label n .
         del (/--/ . n | o) o .
-        spc . chain_name . ipt_match . eol ] in
-    chain_action "append" "-A" | chain_action "insert" "-I"
+        spc . chain_name . ipt_match . eol ]
+
+let table_rule = chain_action "append" "-A"
+	       | chain_action "insert" "-I"
+	       | empty
+
 
 let table = [ del /\*/ "*" . label "table" . store /[a-z]+/ . eol .
-                (chain|comment)* . (add_rule . comment*)* .
+                (chain|comment|table_rule)* .
                 dels "COMMIT" . eol ]
 
 let lns = (comment|empty|table)*
diff --git a/lenses/tests/test_iptables.aug b/lenses/tests/test_iptables.aug
index ecc3c62..a77fad1 100644
--- a/lenses/tests/test_iptables.aug
+++ b/lenses/tests/test_iptables.aug
@@ -1,6 +1,6 @@
 module Test_iptables =
 
-let add_rule = Iptables.add_rule
+let add_rule = Iptables.table_rule
 let ipt_match = Iptables.ipt_match
 
 test add_rule get
@@ -89,7 +89,11 @@ let conf = "# Generated by iptables-save v1.2.6a on Wed Apr 24 10:19:55 2002
 :FORWARD DROP [0:0]
 :OUTPUT DROP [0:0]
 -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+
 -I FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+# comments and blank lines are allow between rules
+
 -A FORWARD -i eth1 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
 --append OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
 COMMIT
@@ -97,6 +101,7 @@ COMMIT
 # Generated by iptables-save v1.2.6a on Wed Apr 24 10:19:55 2002
 *mangle
 :PREROUTING ACCEPT [658:32445]
+
 :INPUT ACCEPT [658:32445]
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [891:68234]
@@ -126,11 +131,15 @@ test Iptables.lns get conf =
       { "match" = "state" }
       { "state" = "RELATED,ESTABLISHED" }
       { "jump" = "ACCEPT" } }
+    {}
     { "insert" = "FORWARD"
       { "in-interface" = "eth0" }
       { "match" = "state" }
       { "state" = "RELATED,ESTABLISHED" }
       { "jump" = "ACCEPT" } }
+    {}
+    { "#comment" = "comments and blank lines are allow between rules" }
+    {}
     { "append" = "FORWARD"
       { "in-interface" = "eth1" }
       { "match" = "state" }
@@ -145,6 +154,7 @@ test Iptables.lns get conf =
       "Generated by iptables-save v1.2.6a on Wed Apr 24 10:19:55 2002" }
   { "table" = "mangle"
     { "chain" = "PREROUTING" { "policy" = "ACCEPT" } }
+    {}
     { "chain" = "INPUT" { "policy" = "ACCEPT" } }
     { "chain" = "FORWARD" { "policy" = "ACCEPT" } }
     { "chain" = "OUTPUT" { "policy" = "ACCEPT" } }
-- 
1.7.4

More information about the augeas-devel mailing list