extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-05-31 15:05:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

More IPv6 ipset fixes

Browse Source 
- use 'family inet6' rather than 'family ipv6'
- Correct one more case of 'iphash' vs 'hash:ip family inet6'
- Encapsulate ipset -N into an 'ensure_ipset()' function

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2011-06-20 07:43:32 -07:00
parent 4c2f12e645
commit 785de281b5
1 changed files with 16 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -4505,6 +4505,17 @@ EOF
'' ); '' );
} }
sub ensure_ipset( $ ) {
my $set = shift;
if ( $family == F_IPV4 ) {
emit ( " qt \$IPSET -L $set -n || \$IPSET -N $_ iphash" );
} else {
emit ( " qt \$IPSET -L $set -n || \$IPSET -N $_ hash:ip family inet6" );
}
}
sub load_ipsets() { sub load_ipsets() {
my @ipsets = all_ipsets; my @ipsets = all_ipsets;
@ -4533,11 +4544,7 @@ sub load_ipsets() {
if ( @ipsets ) { if ( @ipsets ) {
emit ( '' ); emit ( '' );
if ( $family == F_IPV4 ) { ensure_ipset( $_ ) for @ipsets;
emit ( " qt \$IPSET -L $_ -n || \$IPSET -N $_ iphash" ) for @ipsets;
} else {
emit ( " qt \$IPSET -L $_ -n || \$IPSET -N $_ hash:ip family ipv6" ) for @ipsets;
}
emit ( '' ); emit ( '' );
} }
@ -4557,17 +4564,13 @@ sub load_ipsets() {
if ( @ipsets ) { if ( @ipsets ) {
emit ''; emit '';
if ( $family == F_IPV4 ) { ensure_ipset( $_ ) for @ipsets;
emit ( " qt \$IPSET -L $_ -n || \$IPSET -N $_ iphash" ) for @ipsets;
} else {
emit ( " qt \$IPSET -L $_ -n || \$IPSET -N $_ hash:ip family ipv6" ) for @ipsets;
}
emit ( '' , emit ( '' ,
'elif [ "$COMMAND" = restart ]; then' , 'elif [ "$COMMAND" = restart ]; then' ,
'' ); '' );
emit ( " qt \$IPSET -L $_ -n || \$IPSET -N $_ iphash" ) for @ipsets; ensure_ipset( $_ ) for @ipsets;
emit ( '' , emit ( '' ,
' if [ -f /etc/debian_version ] && [ $(cat /etc/debian_version) = 5.0.3 ]; then' , ' if [ -f /etc/debian_version ] && [ $(cat /etc/debian_version) = 5.0.3 ]; then' ,
@ -4580,15 +4583,11 @@ sub load_ipsets() {
' fi' , ' fi' ,
'', '',
' if eval $IPSET -S $hack > ${VARDIR}/ipsets.tmp; then' , ' if eval $IPSET -S $hack > ${VARDIR}/ipsets.tmp; then' ,
' grep -q "^-N" ${VARDIR}/ipsets.tmp && mv -f ${VARDIR}/ipsets.tmp ${VARDIR}/ipsets.save' , ' grep -qE -- "^(-N|create )" ${VARDIR}/ipsets.tmp && mv -f ${VARDIR}/ipsets.tmp ${VARDIR}/ipsets.save' ,
' fi', ' fi',
'elif [ "$COMMAND" = refresh ]; then' ); 'elif [ "$COMMAND" = refresh ]; then' );
if ( $family == F_IPV4 ) { ensure_ipset( $_ ) for @ipsets;
emit ( " qt \$IPSET -L $_ -n || \$IPSET -N $_ iphash" ) for @ipsets;
} else {
emit ( " qt \$IPSET -L $_ -n || \$IPSET -N $_ hash:ip family ipv6" ) for @ipsets;
}
} }
emit ( 'fi' , emit ( 'fi' ,