More IPv6 ipset fixes

- use 'family inet6' rather than 'family ipv6' - Correct one more case of 'iphash' vs 'hash:ip family inet6' Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-11-16 12:43:19 +01:00 · 2011-06-20 07:37:28 -07:00 · 2011-06-20 07:37:28 -07:00 · d636c36ba7
commit d636c36ba7
parent 4c2f12e645
1 changed files with 9 additions and 5 deletions
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@ -4536,7 +4536,7 @@ sub load_ipsets() {
 	    if ( $family == F_IPV4 ) {
 		emit ( "    qt \$IPSET -L $_ -n || \$IPSET -N $_ iphash" ) for @ipsets;
 	    } else {
-		emit ( "    qt \$IPSET -L $_ -n || \$IPSET -N $_ hash:ip family ipv6" ) for @ipsets;
+		emit ( "    qt \$IPSET -L $_ -n || \$IPSET -N $_ hash:ip family inet6" ) for @ipsets;
 	    }

 	    emit ( '' );
@ -4560,14 +4560,18 @@ sub load_ipsets() {
 	    if ( $family == F_IPV4 ) {
 		emit ( "    qt \$IPSET -L $_ -n || \$IPSET -N $_ iphash" ) for @ipsets;
 	    } else {
-		emit ( "    qt \$IPSET -L $_ -n || \$IPSET -N $_ hash:ip family ipv6" ) for @ipsets;
+		emit ( "    qt \$IPSET -L $_ -n || \$IPSET -N $_ hash:ip family inet6" ) for @ipsets;
 	    }

 	    emit ( '' ,
 		   'elif [ "$COMMAND" = restart ]; then' ,
 		   '' );

-	    emit ( "    qt \$IPSET -L $_ -n || \$IPSET -N $_ iphash" ) for @ipsets;
+	    if ( $family == F_IPV4 ) {
+		emit ( "    qt \$IPSET -L $_ -n || \$IPSET -N $_ iphash" ) for @ipsets;
+	    } else {
+		emit ( "    qt \$IPSET -L $_ -n || \$IPSET -N $_ hash:ip family inet6" ) for @ipsets;
+	    }

 	    emit ( '' ,
 		   '    if [ -f /etc/debian_version ] && [ $(cat /etc/debian_version) = 5.0.3 ]; then' ,
@ -4580,14 +4584,14 @@ sub load_ipsets() {
 		   '    fi' ,
 		   '',
 		   '    if eval $IPSET -S $hack > ${VARDIR}/ipsets.tmp; then' ,
-		   '        grep -q "^-N" ${VARDIR}/ipsets.tmp && mv -f ${VARDIR}/ipsets.tmp ${VARDIR}/ipsets.save' ,
+		   '        grep -qE -- "^(-N|create )" ${VARDIR}/ipsets.tmp && mv -f ${VARDIR}/ipsets.tmp ${VARDIR}/ipsets.save' ,
 		   '    fi',
 		   'elif [ "$COMMAND" = refresh ]; then' );

 	    if ( $family == F_IPV4 ) {
 		emit ( "    qt \$IPSET -L $_ -n || \$IPSET -N $_ iphash" ) for @ipsets;
 	    } else {
-		emit ( "    qt \$IPSET -L $_ -n || \$IPSET -N $_ hash:ip family ipv6" ) for @ipsets;
+		emit ( "    qt \$IPSET -L $_ -n || \$IPSET -N $_ hash:ip family inet6" ) for @ipsets;
 	    }
 	}