From d636c36ba7265e2e709c0e864af14bc25c574f12 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Mon, 20 Jun 2011 07:37:28 -0700
Subject: [PATCH] More IPv6 ipset fixes

- use 'family inet6' rather than 'family ipv6'
- Correct one more case of 'iphash' vs 'hash:ip family inet6'

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Chains.pm | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 6ea93985b..778a87ee9 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -4536,7 +4536,7 @@ sub load_ipsets() {
 	    if ( $family == F_IPV4 ) {
 		emit ( "    qt \$IPSET -L $_ -n || \$IPSET -N $_ iphash" ) for @ipsets;
 	    } else {
-		emit ( "    qt \$IPSET -L $_ -n || \$IPSET -N $_ hash:ip family ipv6" ) for @ipsets;
+		emit ( "    qt \$IPSET -L $_ -n || \$IPSET -N $_ hash:ip family inet6" ) for @ipsets;
 	    }
 
 	    emit ( '' );
@@ -4560,14 +4560,18 @@ sub load_ipsets() {
 	    if ( $family == F_IPV4 ) {
 		emit ( "    qt \$IPSET -L $_ -n || \$IPSET -N $_ iphash" ) for @ipsets;
 	    } else {
-		emit ( "    qt \$IPSET -L $_ -n || \$IPSET -N $_ hash:ip family ipv6" ) for @ipsets;
+		emit ( "    qt \$IPSET -L $_ -n || \$IPSET -N $_ hash:ip family inet6" ) for @ipsets;
 	    }
 
 	    emit ( '' ,
 		   'elif [ "$COMMAND" = restart ]; then' ,
 		   '' );
 
-	    emit ( "    qt \$IPSET -L $_ -n || \$IPSET -N $_ iphash" ) for @ipsets;
+	    if ( $family == F_IPV4 ) {
+		emit ( "    qt \$IPSET -L $_ -n || \$IPSET -N $_ iphash" ) for @ipsets;
+	    } else {
+		emit ( "    qt \$IPSET -L $_ -n || \$IPSET -N $_ hash:ip family inet6" ) for @ipsets;
+	    }
 
 	    emit ( '' ,
 		   '    if [ -f /etc/debian_version ] && [ $(cat /etc/debian_version) = 5.0.3 ]; then' ,
@@ -4580,14 +4584,14 @@ sub load_ipsets() {
 		   '    fi' ,
 		   '',
 		   '    if eval $IPSET -S $hack > ${VARDIR}/ipsets.tmp; then' ,
-		   '        grep -q "^-N" ${VARDIR}/ipsets.tmp && mv -f ${VARDIR}/ipsets.tmp ${VARDIR}/ipsets.save' ,
+		   '        grep -qE -- "^(-N|create )" ${VARDIR}/ipsets.tmp && mv -f ${VARDIR}/ipsets.tmp ${VARDIR}/ipsets.save' ,
 		   '    fi',
 		   'elif [ "$COMMAND" = refresh ]; then' );
 
 	    if ( $family == F_IPV4 ) {
 		emit ( "    qt \$IPSET -L $_ -n || \$IPSET -N $_ iphash" ) for @ipsets;
 	    } else {
-		emit ( "    qt \$IPSET -L $_ -n || \$IPSET -N $_ hash:ip family ipv6" ) for @ipsets;
+		emit ( "    qt \$IPSET -L $_ -n || \$IPSET -N $_ hash:ip family inet6" ) for @ipsets;
 	    }
 	}