Factor out ipset match rule generateion

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/Perl/Shorewall/Misc.pm

@@ -710,6 +710,12 @@ sub create_docker_rules() {
 
 sub setup_mss();
 
+sub add_ipset_dbl_jump( $$$@) {
+    my ( $chainref, $target, $ipset_dir )  = ( shift, shift, shift );
+
+    add_ijump_extended( $chainref, j => $target, $origin{DYNAMIC_BLACKLIST}, @_, "--match-set $ipset_dir" );
+}
+
 #
 # Add rules generated by .conf options and interface options
 #
@@ -1027,16 +1033,16 @@ sub add_common_rules ( $ ) {
 			#
 			# src or src-dst
 			#
-			add_ijump_extended( $filter_table->{input_option_chain($interface)},   j => $src_target, $origin{DYNAMIC_BLACKLIST}, @src_exclude, @state, set => "--match-set $dbl_ipset src" );
-			add_ijump_extended( $filter_table->{forward_option_chain($interface)}, j => $src_target, $origin{DYNAMIC_BLACKLIST}, @dst_exclude, @state, set => "--match-set $dbl_ipset src" );
+			add_ipset_dbl_ijump( $filter_table->{input_option_chain($interface)},   $src_target, "$dbl_ipset src", @state );
+			add_ipset_dbl_ijump( $filter_table->{forward_option_chain($interface)}, $src_target, "$dbl_ipset src", @state );
 		    }
 
 		    if ( $setting & DBL_DST ) {
 			#
 			# src-dst
 			#
-			add_ijump_extended( $filter_table->{forward_option_chain($interface)}, j => $dst_target, $origin{DYNAMIC_BLACKLIST}, @dst_exclude, @state, set => "--match-set $dbl_ipset dst" );
-			add_ijump_extended( $filter_table->{output_option_chain($interface)},  j => $dbl_dst_target, $origin{DYNAMIC_BLACKLIST}, @dst_exclude, @state, set => "--match-set $dbl_ipset dst" );
+			add_ipset_dbl_ijump( $filter_table->{forward_option_chain($interface)}, $dst_target, "$dbl_ipset dst", @state );
+			add_ipset_dbl_ijump( $filter_table->{output_option_chain($interface)},  $dst_target, "$dbl_ipset dst", @state );
 		    }
 		}
 	    }