Hi Augeas developers,

I am trying to write a lens for the UFW firewall (see
https://help.ubuntu.com/community/UFW) to use in Puppet scripts. Some
of UFW's configuration files are in iptables format, so I would like
to reuse the 'stock' iptables lens like this:

(* Ufw_Rules: apply the stock iptables lens to UFW's rule files.
   No new grammar is defined here; the module only binds Iptables.lns
   to UFW's paths. *)
module Ufw_Rules =
  (* Load the transform below automatically. *)
  autoload xfm

  (* Reuse the iptables lens unchanged, so anything Iptables.lns cannot
     parse fails here too. A failed file is reported under
     /augeas/files/<path>/error (error = parse_failed). *)
  let lns = Iptables.lns

  (* Every *.rules file directly under /etc/ufw, minus Util.stdexcl
     (presumably the usual backup/temporary-file exclusions; confirm
     in util.aug). *)
  let filter = incl "/etc/ufw/*.rules"
      . Util.stdexcl

  (* Bind the lens to the file set selected by filter. *)
  let xfm = transform lns filter


But because of the blank lines, parsing fails:

augtool> ls /augeas/files/etc/ufw/before.rules/
path = /files/etc/ufw/before.rules
lens/ = @Ufw_Rules
error/ = parse_failed
augtool> ls /augeas/files/etc/ufw/before.rules/error
pos = 355
line = 11
char = 0
lens = /usr/share/augeas/lenses/dist/iptables.aug:72.10-.32:
message = Iterated lens matched less than it should

Attached is the before.rules file I used to test, and a patch that
allows iptables to work with blank lines.

Please let me know if you need anything else, and if it's possible for
this patch to be applied.

Thank you,
Terence Haddock

Attachment: before.rules
Description: Binary data

diff --git a/lenses/iptables.aug b/lenses/iptables.aug
index 8a4a9b7..9fc842c 100644
--- a/lenses/iptables.aug
+++ b/lenses/iptables.aug
@@ -66,7 +66,9 @@ let add_rule =
     chain_action "append" "-A" | chain_action "insert" "-I"
 
 let table = [ del /\*/ "*" . label "table" . store /[a-z]+/ . eol .
-                (chain|comment)* . (add_rule . comment*)* .
+                ( (comment | empty)* . chain)* .
+                ( (comment | empty)* . add_rule)* .
+                (comment | empty)* .
                 dels "COMMIT" . eol ]
 
 let lns = (comment|empty|table)*
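Review bot: The rewritten body of `table` still fixes the order of its contents (every chain line has to come before the first `add_rule`), and nothing next to the definition says so. A rules file that declares a chain after a rule will keep ending up as `parse_failed`, which for a firewall file means it cannot be inspected or edited through this lens, so the constraint is worth stating where a maintainer will see it. I would put a comment above `let table`, for example `(* comments and blank lines may appear anywhere in a table; all chain lines must precede the rules *)`. `chain`, `add_rule`, `comment` and `empty` are defined outside this hunk, so this reading assumes each of them matches whole lines.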
diff --git a/lenses/tests/test_iptables.aug b/lenses/tests/test_iptables.aug
index ecc3c62..ab46f95 100644
--- a/lenses/tests/test_iptables.aug
+++ b/lenses/tests/test_iptables.aug
@@ -83,6 +83,22 @@ COMMIT\n" =
           { "in-interface" = "lo" }
           { "jump" = "ACCEPT" } } }
 
+test Iptables.table get "*filter
+
+:RH-Firewall-1-INPUT - [0:0]
+
+-A FORWARD -j RH-Firewall-1-INPUT
+
+COMMIT\n" =
+  { "table" = "filter"
+      { }
+      { "chain" = "RH-Firewall-1-INPUT"
+          { "policy" = "-" } }
+      { }
+      { "append" = "FORWARD"
+          { "jump" = "RH-Firewall-1-INPUT" } }
+      { } }
+
 let conf = "# Generated by iptables-save v1.2.6a on Wed Apr 24 10:19:55 2002
 *filter
 :INPUT DROP [1:229]
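Review bot: The added test covers only `get` and only blank lines, so two things the grammar change affects stay unchecked: comment and blank lines mixed in the same gap, and writing a modified tree back to text. Because the lens is used to edit firewall rule files, a `put` case on this same input that changes the `jump` value and expects the three blank lines to come back in place would catch a round trip that drops or moves lines. A second `get` case with a `#` comment line next to the blank line in each of the three gaps would pin both alternatives of `(comment | empty)*`. The `let conf` string that follows the new test continues past the end of this hunk.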