Re-commit the fix that saves only the appropriate family

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 14:09:20 -07:00 · 2014-09-28 14:09:20 -07:00 · ce1c367d1d
commit ce1c367d1d
parent 3e2c903a41
3 changed files with 25 additions and 15 deletions
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@ -8016,12 +8016,22 @@ sub create_save_ipsets() {
 	    ensure_ipset( $_ ) for @ipsets;
 	}

-	emit( '' ,
-	      '    rm -f ${VARDIR}/ipsets.save' ,
-	      '' );
-
 	if ( $config{SAVE_IPSETS} ) {
-	    if ( $family == F_IPV4 ) {
+	    if ( $family == F_IPV6 || $config{SAVE_IPSETS} eq 'ipv4' ) {
+		my $select = $family == F_IPV4 ? '^create.*family inet ' : 'create.*family inet6 ';
+
+		emit( '    rm -f $file' ,
+		      '    touch $file' ,
+		      '    local set' ,
+		      ''
+		    );
+
+		emit( "    \$IPSET -S $_ >> >> \$file" ) for @ipsets;
+
+		emit( "    for set in \$(\$IPSET save | grep '$select' | cut -d' ' -f2); do" ,
+		      "        \$IPSET save \$set >> \$file" ,
+		      "    done" );
+	    } else {
 		emit ( '    if [ -f /etc/debian_version ] && [ $(cat /etc/debian_version) = 5.0.3 ]; then' ,
 		       '        #',
 		       '        # The \'grep -v\' is a hack for a bug in ipset\'s nethash implementation when xtables-addons is applied to Lenny' ,
@ -8034,11 +8044,9 @@ sub create_save_ipsets() {
 		       '    if eval $IPSET -S $hack > ${VARDIR}/ipsets.tmp; then' ,
 		       "        grep -qE -- \"^(-N|create )\" \${VARDIR}/ipsets.tmp && mv -f \${VARDIR}/ipsets.tmp \$file" ,
 		       '    fi' );
-	    } else {
-		emit ( '    if eval $IPSET -S > ${VARDIR}/ipsets.tmp; then' ,
-		       "        grep -qE -- \"^(-N|create )\" \${VARDIR}/ipsets.tmp && mv -f \${VARDIR}/ipsets.tmp \$file" ,
-		       '    fi' );
-	    }
+ 	    }
+
+	    emit("}\n" );
 	} elsif ( @ipsets || $globals{SAVED_IPSETS} ) {
 	    emit( '    rm -f ${VARDIR}/ipsets.tmp' ,
 		  '    touch ${VARDIR}/ipsets.tmp' ,
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@ -5572,10 +5572,13 @@ sub get_configuration( $$$$$ ) {
    unsupported_yes_no_warning 'RFC1918_STRICT';

    unless (default_yes_no 'SAVE_IPSETS', '', '*' ) {
-	my @sets = (split_list( $val= $config{SAVE_IPSETS}, 'ipset' ));
-	$globals{SAVED_IPSETS} = \@sets;
-        require_capability 'IPSET_V5', 'A saved ipset list', 's';
-	$config{SAVE_IPSETS} = '';
+	$val = $config{SAVE_IPSETS};
+	unless ( $val = 'ipv4' ) {
+	    my @sets = (split_list( $val= $config{SAVE_IPSETS}, 'ipset' ));
+	    $globals{SAVED_IPSETS} = \@sets;
+	    require_capability 'IPSET_V5', 'A saved ipset list', 's';
+	    $config{SAVE_IPSETS} = '';
+	}
    }

    default_yes_no 'SAVE_ARPTABLES'             , '';
--- a/Shorewall/Perl/prog.footer
+++ b/Shorewall/Perl/prog.footer
@ -386,7 +386,6 @@ case "$COMMAND" in
 	;;
    savesets)
 	if [ $# -eq 2 ]; then
-	    rm -f $2
 	    save_ipsets $2
 	else
 	    usage 2