daf: Add clear method

Make it easier to delete all rules specified in daf.

diff --git a/NEWS b/NEWS
index b956c95fc02300241664e5310086c7792b5aba9b..91e736175ddeb3cb9b470d307e28d6f5e3718ff9 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,7 @@ Improvements
 ------------
 - more consistency in using parent-side records for NS addresses (!1097)
 - better algorithm for choosing nameservers (!1030)
+- daf module: add daf.clear() (!1114)
 
 Bugfixes
 --------

diff --git a/modules/daf/README.rst b/modules/daf/README.rst
index a988028a51822ec1a89c4c00b2ed981a1bfe667b..a5e025e92461de231fe4d67e29abacc589679581 100644 (file)
--- a/modules/daf/README.rst
+++ b/modules/daf/README.rst
@@ -55,6 +55,9 @@ Firewall rules are declarative and consist of filters and actions. Filters have
     -- Delete a rule
     daf.del(2)
 
+    -- Delete all rules and start from scratch
+    daf.clear()
+
 .. warning:: Only the first matching rule's action is executed.  Defining
    additional actions for the same matching rule, e.g.  ``src = 127.0.0.1/8``,
    will have no effect.

diff --git a/modules/daf/daf.lua b/modules/daf/daf.lua
index a658fb4016c9227d6fdba387d42ca462085ba7cf..94c2f164e42e4ff503d46152123edaaa82f330eb 100644 (file)
--- a/modules/daf/daf.lua
+++ b/modules/daf/daf.lua
@@ -194,6 +194,15 @@ function M.del(id)
        return nil
 end
 
+-- @function Remove all rules
+function M.clear()
+       for _, r in ipairs(M.rules) do
+               policy.del(r.rule.id)
+       end
+       M.rules = {}
+       return true
+end
+
 -- @function Find a rule
 function M.get(id)
        for _, r in ipairs(M.rules) do