From e38fcb2bfc9d5a39fa01bc411df42dd613ef72c2 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Sun, 25 Mar 2012 08:27:28 -0700
Subject: [PATCH] Correct ipset creation and add a WARNING when creating an ipset
Signed-off-by: Tom Eastep
---
 Shorewall/Perl/Shorewall/Chains.pm | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index a55f8f26b..2b1e0b277 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -6428,15 +6428,23 @@ sub ensure_ipset( $ ) {
 if ( $family == F_IPV4 ) {
 if ( have_capability 'IPSET_V5' ) {
- emit ( " qt \$IPSET -L $set -n || \$IPSET -N $_ hash:ip family inet" );
+ emit ( qq( if ! qt \$IPSET -L $set -n; then) ,
+ qq( error_message "WARNING: ipset $set does not exist; creating it as an hash:ip set") ,
+ qq( \$IPSET -N $set hash:ip family inet") ,
+ qq( fi) );
 } else {
- emit ( " qt \$IPSET -L $set -n || \$IPSET -N $_ iphash" );
+ emit ( qq( if ! qt \$IPSET -L $set -n; then) ,
+ qq( error_message "WARNING: ipset $1 does not exist; creating it as an iphash set") ,
+ qq( \$IPSET -N $set iphash") ,
+ qq( fi) );
 }
 } else {
- emit ( " qt \$IPSET -L $set -n || \$IPSET -N $_ hash:ip family inet6" );
+ emit ( qq( if ! qt \$IPSET -L $set -n; then) ,
+ qq( error_message "WARNING: ipset $set does not exist; creating it as an hash:ip set") ,
+ qq( \$IPSET -N $set hash:ip family inet6) ,
+ qq( fi) );
 }
 }
-
 sub load_ipsets() {
@@ -6496,7 +6504,7 @@ sub load_ipsets() {
 } else {
 ensure_ipset( $_ ) for @ipsets;
 }
-
+
 if ( @ipsets ) {
 emit ( 'elif [ "$COMMAND" = restart ]; then' );
 ensure_ipset( $_ ) for @ipsets;
@@ -6508,7 +6516,7 @@ sub load_ipsets() {
 ensure_ipset( $_ ) for @ipsets;
 emit( '' );
 }
-
+
 if ( $family == F_IPV4 ) {
 emit ( ' if [ -f /etc/debian_version ] && [ $(cat /etc/debian_version) = 5.0.3 ]; then' ,
 ' #',
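Review bot: Two of the new `emit` lists in ensure_ipset keep the old string's closing double quote inside `qq(...)` — `qq( \$IPSET -N $set hash:ip family inet") ,` and `qq( \$IPSET -N $set iphash") ,` — so the generated firewall script gets an unbalanced `"` on the ipset-creation line and will most likely fail to parse or swallow the lines that follow; the IPv6 branch shows the intended form, ending `inet6) ,`. The iphash branch's warning also interpolates `$1`, a regex capture that nothing visible in this hunk sets, where the other two branches use `$set`; it should read `ipset $set does not exist`. Running `sh -n` on the generated script for each branch (IPSET_V5, legacy iphash, IPv6) would catch the quoting slip before a firewall start fails on it. The sub's opening lines, where `$set` is presumably assigned, are outside the hunk.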