extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-12-22 06:10:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '4.5.8'

Browse Source 
Conflicts:
	Shorewall-core/lib.cli
This commit is contained in:
Tom Eastep 2012-10-07 08:24:04 -07:00
commit 8c97681421
1 changed files with 56 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
Shorewall-core/lib.cli
View File

@ -496,6 +496,26 @@ show_routing() {
fi
}
determine_ipset_version() {
local setname
if [ $IPSET = ipset ]; then
IPSET=$(mywhich ipset)
[ -n "$IPSET" ] || fatal_error "The ipset utility cannot be located"
fi
setname=fooX$$
qt ipset -X $setname # Just in case something went wrong the last time
if qt ipset -N $setname hash:ip family inet; then
qt ipset -X $setname
IPSETN="$IPSET"
else
IPSETN="$IPSET -n"
fi
}
#
# 'list dynamic' command executor
#
@ -503,7 +523,7 @@ find_sets() {
local junk
local setname
$IPSET -L | grep "^Name: ${1}_" | while read junk setname; do echo $setname; done
$IPSETN -L | grep "^Name: ${1}_" | while read junk setname; do echo $setname; done
}
list_zone() {
@ -511,24 +531,22 @@ list_zone() {
local sets
local setname
if [ $IPSET = ipset ]; then
[ -n "$(mywhich ipset)" ] || fatal_error "The ipset utility cannot be located"
fi
determine_ipset_version
if [ $g_family -eq 4 ]; then
sets=$($IPSET -L | grep '^$1_');
sets=$($IPSETN -L | grep "^$1_");
else
sets=$($IPSET-L | grep "^6_$1_")
sets=$($IPSETN -L | grep "^6_$1_")
fi
[ -n "$sets" ] || sets=$(find_sets $1)
for setname in $sets; do
echo "${setname#${1}_}:"
$IPSET -L $setname | awk 'BEGIN {prnt=0;}; \
/^Members:/ {prnt=1; next; }; \
/^Bindings:/ {prnt=0; }; \
{ if (prnt == 1) print " ", $1; };'
$IPSETN -L $setname | awk 'BEGIN {prnt=0;}; \
/^Members:/ {prnt=1; next; }; \
/^Bindings:/ {prnt=0; }; \
{ if (prnt == 1) print " ", $1; };'
done
}
@ -1588,18 +1606,12 @@ add_command() {
exit 2
fi
case "$IPSET" in
*/*)
;;
*)
[ -n "$(mywhich $IPSET)" ] || fatal_error "The $IPSET utility cannot be located"
;;
esac
determine_ipset_version
case $1 in
*:*)
while [ $# -gt 1 ]; do
if $g_family -eq 4; then
if [ $g_family -eq 4 ]; then
interface=${1%%:*}
host=${1#*:}
else
@ -1648,7 +1660,7 @@ add_command() {
ipset=6_${zone}_${interface};
fi
if ! qt $IPSET -L $ipset -n; then
if ! qt $IPSET -L $ipset; then
fatal_error "Zone $zone, interface $interface does not have a dynamic host list"
fi
@ -1661,7 +1673,7 @@ add_command() {
fi
done
else
qt $IPSET -L $ipset -n || fatal_error "Zone $ipset is not dynamic"
qt $IPSET -L $ipset || fatal_error "Zone $ipset is not dynamic"
for host in $hostlist; do
if $IPSET -A $ipset $host; then
@ -1683,18 +1695,12 @@ delete_command() {
exit 2;
fi
case "$IPSET" in
*/*)
;;
*)
[ -n "$(mywhich $IPSET)" ] || fatal_error "The $IPSET utility cannot be located"
;;
esac
determine_ipset_version
case $1 in
*:*)
while [ $# -gt 1 ]; do
if $g_family -eq 4; then
if [ $g_family -eq 4 ]; then
interface=${1%%:*}
host=${1#*:}
else
@ -1750,7 +1756,7 @@ delete_command() {
host=${host#*:}
if $IPSET -D $ipset $host; then
echo "Host $hostent deleted from zone $zone"
echo "Host $host deleted from zone $zone"
else
echo " WARNING: Unable to delete host $hostent to zone $zone" >&2
fi
@ -2944,7 +2950,27 @@ get_config() {
exit 2
fi
IPSET=ipset
if [ -n "$IPSET" ]; then
case "$IPSET" in
*/*)
if [ ! -x "$IPSET" ] ; then
echo " ERROR: The program specified in IPSET ($IPSET) does not exist or is not executable" >&2
exit 2
fi
;;
*)
prog="$(mywhich $IPSET 2> /dev/null)"
if [ -z "$prog" ] ; then
echo " ERROR: Can't find $IPSET executable" >&2
exit 2
fi
IPSET=$prog
;;
esac
else
IPSET='ipset'
fi
TC=tc
}