holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Only specify 'counters' to ipset of IPSET_MATCH_COUNTERS is present

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2016-10-20 09:07:36 -07:00
parent 31b6e9e299
commit b44628ddc8
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -8265,6 +8265,7 @@ EOF
sub ensure_ipsets( @ ) { sub ensure_ipsets( @ ) {
my $set; my $set;
my $counters = have_capability( 'IPSET_MATCH_COUNTERS' ) ? ' counters' : '';
if ( $globals{DBL_TIMEOUT} ne '' && $_[0] eq $globals{DBL_IPSET} ) { if ( $globals{DBL_TIMEOUT} ne '' && $_[0] eq $globals{DBL_IPSET} ) {
shift; shift;
@ -8277,12 +8278,12 @@ sub ensure_ipsets( @ ) {
emit( q( #), emit( q( #),
q( # Set the timeout for the dynamic blacklisting ipset), q( # Set the timeout for the dynamic blacklisting ipset),
q( #), q( #),
qq( \$IPSET -exist create $globals{DBL_IPSET} hash:net family inet timeout $globals{DBL_TIMEOUT} counters) ); qq( \$IPSET -exist create $globals{DBL_IPSET} hash:net family inet timeout $globals{DBL_TIMEOUT}${counters}) );
} else { } else {
emit( q( #), emit( q( #),
q( # Set the timeout for the dynamic blacklisting ipset), q( # Set the timeout for the dynamic blacklisting ipset),
q( #), q( #),
qq( \$IPSET -exist create $globals{DBL_IPSET} hash:net family inet6 timeout $globals{DBL_TIMEOUT} counters) ); qq( \$IPSET -exist create $globals{DBL_IPSET} hash:net family inet6 timeout $globals{DBL_TIMEOUT}${counters}) );
} }
pop_indent; pop_indent;
@ -8304,7 +8305,7 @@ sub ensure_ipsets( @ ) {
if ( have_capability 'IPSET_V5' ) { if ( have_capability 'IPSET_V5' ) {
emit ( qq( if ! qt \$IPSET list $set -n; then) , emit ( qq( if ! qt \$IPSET list $set -n; then) ,
qq( error_message "WARNING: ipset $set does not exist; creating it as an hash:net set") , qq( error_message "WARNING: ipset $set does not exist; creating it as an hash:net set") ,
qq( \$IPSET create $set hash:net family inet timeout 0 counters) , qq( \$IPSET create $set hash:net family inet timeout 0${counters}) ,
qq( fi) ); qq( fi) );
} else { } else {
emit ( qq( if ! qt \$IPSET -L $set -n; then) , emit ( qq( if ! qt \$IPSET -L $set -n; then) ,
@ -8315,7 +8316,7 @@ sub ensure_ipsets( @ ) {
} else { } else {
emit ( qq( if ! qt \$IPSET list $set -n; then) , emit ( qq( if ! qt \$IPSET list $set -n; then) ,
qq( error_message "WARNING: ipset $set does not exist; creating it as an hash:net set") , qq( error_message "WARNING: ipset $set does not exist; creating it as an hash:net set") ,
qq( \$IPSET create $set hash:net family inet6 timeout 0 counters) , qq( \$IPSET create $set hash:net family inet6 timeout 0${counters}) ,
qq( fi) ); qq( fi) );
} }