Commit 964e8f25 authored by Marek Vavrusa's avatar Marek Vavrusa
Browse files

modules/policy: doc update, compat with 1.0 api

parent 5b80a057
......@@ -8,11 +8,12 @@ This module is a high-level interface for other powerful filtering modules and D
Example configuration
^^^^^^^^^^^^^^^^^^^^^
.. code-block:: lua
Firewall rules are declarative and consist of filters and actions. Filters have ``field operator operand`` notation (e.g. ``qname = example.com``), and may be chained using AND/OR keywords. Actions may or may not have parameters after the action name.
modules = { 'http', 'daf' }
.. code-block:: lua
-- Let's write some daft rules!
modules = { 'daf' }
-- Block all queries with QNAME = example.com
daf.add 'qname = example.com deny'
......@@ -39,8 +40,19 @@ Example configuration
-- Truncate queries based on destination IPs
daf.add 'dst = 192.0.2.51 truncate'
-- Disable a rule
daf.disable 2
-- Enable a rule
daf.enable 2
-- Delete a rule
daf.del 2
If you're not sure what firewall rules are in effect, see ``daf.rules``:
.. code-block:: text
-- Show active rules
daf.rules
> daf.rules
[1] => {
[rule] => {
[count] => 42
......@@ -60,12 +72,3 @@ Example configuration
[info] => qname ~ %w+.facebook.com AND src = 127.0.0.1/8 deny...
[policy] => function: 0x1a3ede88
}
...
-- Disable a rule
daf.disable 2
-- Enable a rule
daf.enable 2
-- Delete a rule
daf.del 2
......@@ -243,6 +243,13 @@ policy.layer = {
-- Add rule to policy list
function policy.add(rule, postrule)
-- Compatibility with 1.0.0 API
-- it will be dropped in 1.2.0
if rule == policy then
rule = postrule
postrule = nil
end
-- End of compatibility shim
local desc = {id=getruleid(), cb=rule, count=0}
table.insert(postrule and policy.postrules or policy.rules, desc)
return desc
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment