extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-01-03 03:59:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

Enable dynamic zones to work with all ipset versions

Browse Source 
- Re-add lost logic from 4.5.8.1 fix.
- create separate variables for add/delete and LIST

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-10-07 08:10:57 -07:00
parent 7ca1a43118
commit 431309678a
1 changed files with 53 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
Shorewall-core/lib.cli
View File

@ -500,6 +500,26 @@ show_routing() {
fi fi
} }
determine_ipset_version() {
local setname
if [ $IPSET = ipset ]; then
IPSET=$(mywhich ipset)
[ -n "$IPSET" ] || fatal_error "The ipset utility cannot be located"
fi
setname=fooX$$
qt ipset -X $setname # Just in case something went wrong the last time
if qt ipset -N $setname hash:ip family inet; then
qt ipset -X $setname
IPSETN="$IPSET"
else
IPSETN="$IPSET -n"
fi
}
# #
# 'list dynamic' command executor # 'list dynamic' command executor
# #
@ -507,7 +527,7 @@ find_sets() {
local junk local junk
local setname local setname
ipset -L | grep "^Name: ${1}_" | while read junk setname; do echo $setname; done $IPSETN -L | grep "^Name: ${1}_" | while read junk setname; do echo $setname; done
} }
list_zone() { list_zone() {
@ -515,22 +535,22 @@ list_zone() {
local sets local sets
local setname local setname
[ -n "$(mywhich ipset)" ] || fatal_error "The ipset utility cannot be located" determine_ipset_version
if [ $g_family -eq 4 ]; then if [ $g_family -eq 4 ]; then
sets=$(ipset -L | grep "^$1_"); sets=$($IPSETN -L | grep "^$1_");
else else
sets=$(ipset -L | grep "^6_$1_") sets=$($IPSETN -L | grep "^6_$1_")
fi fi
[ -n "$sets" ] || sets=$(find_sets $1) [ -n "$sets" ] || sets=$(find_sets $1)
for setname in $sets; do for setname in $sets; do
echo "${setname#${1}_}:" echo "${setname#${1}_}:"
ipset -L $setname -n | awk 'BEGIN {prnt=0;}; \ $IPSETN -L $setname | awk 'BEGIN {prnt=0;}; \
/^Members:/ {prnt=1; next; }; \ /^Members:/ {prnt=1; next; }; \
/^Bindings:/ {prnt=0; }; \ /^Bindings:/ {prnt=0; }; \
{ if (prnt == 1) print " ", $1; };' { if (prnt == 1) print " ", $1; };'
done done
} }
@ -1590,13 +1610,7 @@ add_command() {
exit 2 exit 2
fi fi
case "$IPSET" in determine_ipset_version
*/*)
;;
*)
[ -n "$(mywhich $IPSET)" ] || fatal_error "The $IPSET utility cannot be located"
;;
esac
# #
# Normalize host list # Normalize host list
# #
@ -1631,7 +1645,7 @@ add_command() {
ipset=6_${zone}_${interface}; ipset=6_${zone}_${interface};
fi fi
if ! qt $IPSET -L $ipset -n; then if ! qt $IPSET -L $ipset; then
fatal_error "Zone $zone, interface $interface does not have a dynamic host list" fatal_error "Zone $zone, interface $interface does not have a dynamic host list"
fi fi
@ -1656,14 +1670,7 @@ delete_command() {
exit 2; exit 2;
fi fi
case "$IPSET" in determine_ipset_version
*/*)
;;
*)
[ -n "$(mywhich $IPSET)" ] || fatal_error "The $IPSET utility cannot be located"
;;
esac
# #
# Normalize host list # Normalize host list
# #
@ -2868,7 +2875,27 @@ get_config() {
exit 2 exit 2
fi fi
IPSET=ipset if [ -n "$IPSET" ]; then
case "$IPSET" in
*/*)
if [ ! -x "$IPSET" ] ; then
echo " ERROR: The program specified in IPSET ($IPSET) does not exist or is not executable" >&2
exit 2
fi
;;
*)
prog="$(mywhich $IPSET 2> /dev/null)"
if [ -z "$prog" ] ; then
echo " ERROR: Can't find $IPSET executable" >&2
exit 2
fi
IPSET=$prog
;;
esac
else
IPSET='ipset'
fi
TC=tc TC=tc
} }