holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Move the code that generates zap_ipsets() to after save_ipsets() generation

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2016-04-14 09:56:48 -07:00
parent 074655d1bd
commit 9fa0df2fd1
1 changed files with 34 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -8279,38 +8279,6 @@ sub create_save_ipsets() {
my $setting = $config{SAVE_IPSETS}; my $setting = $config{SAVE_IPSETS};
my $havesets = @ipsets || @{$globals{SAVED_IPSETS}} || ( $setting && have_ipset_rules ); my $havesets = @ipsets || @{$globals{SAVED_IPSETS}} || ( $setting && have_ipset_rules );
if ( $havesets ) {
my $select = $family == F_IPV4 ? '^create.*family inet ' : 'create.*family inet6 ';
emit ( "#\n#Flush and Destroy the sets that we will subsequently attempt to restore\n#",
'zap_ipsets() {',
' local set',
'' );
if ( $family == F_IPV6 || $setting !~ /yes/i ) {
#
# Requires V5 or later
#
emit( '' ,
" for set in \$(\$IPSET save | grep '$select' | cut -d' ' -f2); do" ,
' $IPSET flush $set' ,
' $IPSET destroy $set' ,
" done" ,
'',
);
} else {
#
# Restoring all ipsets (IPv4 and IPv6, if any)
#
emit ( ' if [ -f ${VARDIR}/ipsets.save ]; then' ,
' $IPSET -F' ,
' $IPSET -X' ,
' fi' );
};
emit( '}' );
}
emit( "#\n#Save the ipsets specified by the SAVE_IPSETS setting and by dynamic zones and blacklisting\n#", emit( "#\n#Save the ipsets specified by the SAVE_IPSETS setting and by dynamic zones and blacklisting\n#",
'save_ipsets() {' ); 'save_ipsets() {' );
@ -8412,6 +8380,40 @@ sub create_save_ipsets() {
emit( ' true', emit( ' true',
"}\n" ); "}\n" );
} }
#
# Now generate a function that flushes and destroys sets prior to restoring them
#
if ( $havesets ) {
my $select = $family == F_IPV4 ? '^create.*family inet ' : 'create.*family inet6 ';
emit ( "#\n#Flush and Destroy the sets that we will subsequently attempt to restore\n#",
'zap_ipsets() {',
' local set',
'' );
if ( $family == F_IPV6 || $setting !~ /yes/i ) {
#
# Requires V5 or later
#
emit( '' ,
" for set in \$(\$IPSET save | grep '$select' | cut -d' ' -f2); do" ,
' $IPSET flush $set' ,
' $IPSET destroy $set' ,
" done" ,
'',
);
} else {
#
# Restoring all ipsets (IPv4 and IPv6, if any)
#
emit ( ' if [ -f ${VARDIR}/ipsets.save ]; then' ,
' $IPSET -F' ,
' $IPSET -X' ,
' fi' );
};
emit( '}' );
}
} }
sub load_ipsets() { sub load_ipsets() {