mirror of
https://gitlab.com/shorewall/code.git
synced 2025-01-25 15:09:12 +01:00
Make save/restore work with SAVE_IPSETS=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
e3c75dcfcc
commit
4e0f9b2ef3
@ -375,9 +375,17 @@ sub generate_script_3($) {
|
|||||||
' $IPSET -X' ,
|
' $IPSET -X' ,
|
||||||
' $IPSET -R < ${VARDIR}/ipsets.save' ,
|
' $IPSET -R < ${VARDIR}/ipsets.save' ,
|
||||||
' fi' ,
|
' fi' ,
|
||||||
'' );
|
'elif [ "$COMMAND" = restart ]; then' ,
|
||||||
|
' if [ -f $(my_pathname)-ipsets ] && ! chain_exists shorewall; then' ,
|
||||||
|
' $IPSET -F' ,
|
||||||
|
' $IPSET -X' ,
|
||||||
|
' $IPSET -R < $(my_pathname)-ipsets' ,
|
||||||
|
' fi' ,
|
||||||
|
);
|
||||||
|
|
||||||
if ( @ipsets ) {
|
if ( @ipsets ) {
|
||||||
|
emit '';
|
||||||
|
|
||||||
emit ( " qt \$IPSET -L $_ -n || \$IPSET -N $_ iphash" ) for @ipsets;
|
emit ( " qt \$IPSET -L $_ -n || \$IPSET -N $_ iphash" ) for @ipsets;
|
||||||
|
|
||||||
emit ( '' ,
|
emit ( '' ,
|
||||||
|
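Review bot: The new `restart` branch emits `$IPSET -F` and `$IPSET -X` followed by `$IPSET -R < $(my_pathname)-ipsets` with no exit-status check, so a truncated or rejected restore file leaves the generated script running with all sets destroyed and nothing reloaded. Rules that match on those sets would then see no members, and because `-F`/`-X` take no set name here, sets created by other tools on the host are presumably removed too. The path is also unquoted; the emitted line could read `'        $IPSET -R < "$(my_pathname)-ipsets"' ,` and the script should stop or report an error when the restore returns non-zero. The existing `start` branch just above has the same pattern, and the body of generate_script_3 continues outside this hunk.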
@ -267,6 +267,7 @@ save_config() {
|
|||||||
|
|
||||||
local result
|
local result
|
||||||
result=1
|
result=1
|
||||||
|
local hack
|
||||||
|
|
||||||
iptables_save=${IPTABLES}-save
|
iptables_save=${IPTABLES}-save
|
||||||
|
|
||||||
@ -293,6 +294,47 @@ save_config() {
|
|||||||
mv -f ${VARDIR}/restore-$$ ${RESTOREPATH}-iptables
|
mv -f ${VARDIR}/restore-$$ ${RESTOREPATH}-iptables
|
||||||
chmod +x $RESTOREPATH
|
chmod +x $RESTOREPATH
|
||||||
echo " Currently-running Configuration Saved to $RESTOREPATH"
|
echo " Currently-running Configuration Saved to $RESTOREPATH"
|
||||||
|
|
||||||
|
case ${SAVE_IPSETS:=No} in
|
||||||
|
[Yy]es)
|
||||||
|
case ${IPSET:=ipset} in
|
||||||
|
*/*)
|
||||||
|
if [ ! -x "$IPSET" ]; then
|
||||||
|
error_message "ERROR: IPSET=$IPSET does not exist or is not executable - ipsets are not saved"
|
||||||
|
IPSET=
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
IPSET="$(mywhich $IPSET)"
|
||||||
|
[ -n "$IPSET" ] || error_message "ERROR: The ipset utility cannot be located - ipsets are not saved"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
if [ -n "$IPSET" ]; then
|
||||||
|
if [ -f /etc/debian_version ] && [ $(cat /etc/debian_version) = 5.0.3 ]; then
|
||||||
|
#
|
||||||
|
# The 'grep -v' is a hack for a bug in ipset's nethash implementation when xtables-addons is applied to Lenny
|
||||||
|
#
|
||||||
|
hack='| grep -v /31'
|
||||||
|
else
|
||||||
|
hack=
|
||||||
|
fi
|
||||||
|
|
||||||
|
if eval $IPSET -S $hack > ${VARDIR}/ipsets.tmp; then
|
||||||
|
#
|
||||||
|
# Don't save an 'empty' file
|
||||||
|
#
|
||||||
|
grep -q '^-N' ${VARDIR}/ipsets.tmp && mv -f ${VARDIR}/ipsets.tmp ${RESTOREPATH}-ipsets && echo " Ipsets Saved to ${RESTOREPATH}-ipsets"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
[Nn]o)
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
error_message "WARNING: Invalid value ($SAVE_IPSETS) for SAVE_IPSETS"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
run_user_exit save
|
run_user_exit save
|
||||||
else
|
else
|
||||||
rm -f ${VARDIR}/restore-$$
|
rm -f ${VARDIR}/restore-$$
|
||||||
|
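Review bot: In the second hunk, `if eval $IPSET -S $hack > ${VARDIR}/ipsets.tmp; then` re-parses the configured `IPSET` value as shell text, and when `hack` is set the status tested is that of `grep -v`, not of the ipset dump, so a failed or partial dump can still pass the `if`. Running the dump directly as `if "$IPSET" -S > ${VARDIR}/ipsets.tmp; then` and applying the `/31` filter as a separate step afterwards would remove the `eval` and keep the exit status meaningful. When the dump fails or contains no `-N` line, `ipsets.tmp` is left behind and an earlier `${RESTOREPATH}-ipsets` stays in place, so a later restart would presumably reload outdated set contents; that case deserves either cleanup or a comment stating it is intended. The test `[ $(cat /etc/debian_version) = 5.0.3 ]` should quote the substitution so an empty file does not produce a `[` syntax error. save_config begins and ends outside the visible hunks.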