More IPv6 ipset fixes

- use 'family inet6' rather than 'family ipv6' - Correct one more case of 'iphash' vs 'hash:ip family inet6' - Encapsulate ipset -N into an 'ensure_ipset()' function Signed-off-by: Tom Eastep <teastep@shorewall.net>
2025-01-29 17:09:32 +01:00 · 2011-06-20 07:43:32 -07:00 · 2011-06-20 07:43:32 -07:00 · 785de281b5
commit 785de281b5
parent 4c2f12e645
1 changed files with 16 additions and 17 deletions
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@ -4505,6 +4505,17 @@ EOF
 	   '' );
 }

+sub ensure_ipset( $ ) {
+    my $set = shift;
+
+    if ( $family == F_IPV4 ) {
+	emit ( "    qt \$IPSET -L $set -n || \$IPSET -N $_ iphash" );
+    } else {
+	emit ( "    qt \$IPSET -L $set -n || \$IPSET -N $_ hash:ip family inet6" );
+    }
+}
+    
+
 sub load_ipsets() {

    my @ipsets = all_ipsets;
@ -4533,11 +4544,7 @@ sub load_ipsets() {
 	if ( @ipsets ) {
 	    emit ( '' );

-	    if ( $family == F_IPV4 ) {
-		emit ( "    qt \$IPSET -L $_ -n || \$IPSET -N $_ iphash" ) for @ipsets;
-	    } else {
-		emit ( "    qt \$IPSET -L $_ -n || \$IPSET -N $_ hash:ip family ipv6" ) for @ipsets;
-	    }
+	    ensure_ipset( $_ ) for @ipsets;

 	    emit ( '' );
 	}
@ -4557,17 +4564,13 @@ sub load_ipsets() {
 	if ( @ipsets ) {
 	    emit '';

-	    if ( $family == F_IPV4 ) {
-		emit ( "    qt \$IPSET -L $_ -n || \$IPSET -N $_ iphash" ) for @ipsets;
-	    } else {
-		emit ( "    qt \$IPSET -L $_ -n || \$IPSET -N $_ hash:ip family ipv6" ) for @ipsets;
-	    }
+	    ensure_ipset( $_ ) for @ipsets;

 	    emit ( '' ,
 		   'elif [ "$COMMAND" = restart ]; then' ,
 		   '' );

-	    emit ( "    qt \$IPSET -L $_ -n || \$IPSET -N $_ iphash" ) for @ipsets;
+	    ensure_ipset( $_ ) for @ipsets;

 	    emit ( '' ,
 		   '    if [ -f /etc/debian_version ] && [ $(cat /etc/debian_version) = 5.0.3 ]; then' ,
@ -4580,15 +4583,11 @@ sub load_ipsets() {
 		   '    fi' ,
 		   '',
 		   '    if eval $IPSET -S $hack > ${VARDIR}/ipsets.tmp; then' ,
-		   '        grep -q "^-N" ${VARDIR}/ipsets.tmp && mv -f ${VARDIR}/ipsets.tmp ${VARDIR}/ipsets.save' ,
+		   '        grep -qE -- "^(-N|create )" ${VARDIR}/ipsets.tmp && mv -f ${VARDIR}/ipsets.tmp ${VARDIR}/ipsets.save' ,
 		   '    fi',
 		   'elif [ "$COMMAND" = refresh ]; then' );

-	    if ( $family == F_IPV4 ) {
-		emit ( "    qt \$IPSET -L $_ -n || \$IPSET -N $_ iphash" ) for @ipsets;
-	    } else {
-		emit ( "    qt \$IPSET -L $_ -n || \$IPSET -N $_ hash:ip family ipv6" ) for @ipsets;
-	    }
+	    ensure_ipset( $_ ) for @ipsets;
 	}

 	emit ( 'fi' ,