From e89daf7885b93925899afcb15ecdb5e9d559adbe Mon Sep 17 00:00:00 2001
From: =?utf8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <vladimir.cunat@nic.cz>
Date: Wed, 30 Dec 2020 11:25:16 +0100
Subject: [PATCH] daf: Add clear method

Make it easier to delete all rules specified in daf.
---
 NEWS                   | 1 +
 modules/daf/README.rst | 3 +++
 modules/daf/daf.lua    | 9 +++++++++
 3 files changed, 13 insertions(+)

diff --git a/NEWS b/NEWS
index b956c95fc..91e736175 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,7 @@ Improvements
 ------------
 - more consistency in using parent-side records for NS addresses (!1097)
 - better algorithm for choosing nameservers (!1030)
+- daf module: add daf.clear() (!1114)
 
 Bugfixes
 --------
diff --git a/modules/daf/README.rst b/modules/daf/README.rst
index a988028a5..a5e025e92 100644
--- a/modules/daf/README.rst
+++ b/modules/daf/README.rst
@@ -55,6 +55,9 @@ Firewall rules are declarative and consist of filters and actions. Filters have
     -- Delete a rule
     daf.del(2)
 
+    -- Delete all rules and start from scratch
+    daf.clear()
+
 .. warning:: Only the first matching rule's action is executed.  Defining
    additional actions for the same matching rule, e.g.  ``src = 127.0.0.1/8``,
    will have no effect.
diff --git a/modules/daf/daf.lua b/modules/daf/daf.lua
index a658fb401..94c2f164e 100644
--- a/modules/daf/daf.lua
+++ b/modules/daf/daf.lua
@@ -194,6 +194,15 @@ function M.del(id)
 	return nil
 end
 
+-- @function Remove all rules
+function M.clear()
+	for _, r in ipairs(M.rules) do
+		policy.del(r.rule.id)
+	end
+	M.rules = {}
+	return true
+end
+
 -- @function Find a rule
 function M.get(id)
 	for _, r in ipairs(M.rules) do
-- 
2.47.2