Diffstat (limited to 'main/ipset/ipset.initd')
-rw-r--r--main/ipset/ipset.initd60
1 files changed, 32 insertions, 28 deletions
diff --git a/main/ipset/ipset.initd b/main/ipset/ipset.initd
index 84b17c2aba..ee1668939b 100644
--- a/main/ipset/ipset.initd
+++ b/main/ipset/ipset.initd
@@ -1,6 +1,6 @@
#!/sbin/openrc-run
# Init script for ipset
-# Copyright (C) 2012 Kaarle Ritvanen
+# Copyright (C) 2012-2017 Kaarle Ritvanen
# Licensed under the terms of the GPL2
description="Manage IP sets in the Linux kernel"
@@ -26,11 +26,15 @@ set_file() {
}
set_exists() {
- $IPSET save $1 &> /dev/null
+ $IPSET -n list $1 &> /dev/null
+}
+
+set_lists() {
+ $IPSET save | sed "s/^create \\([^ ]\\+\\) list:set.*/\\1/;ta;d;:a"
}
sets() {
- $IPSET save | sed "s/^create \\([^ ]\\+\\) ${1:+$1 }.*/\\1/;ta;d;:a"
+ $IPSET -n list
}
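Review bot: The new `set_exists` line still uses `&>`, which is not POSIX sh; a shell without that extension parses it as a background job plus a redirection, so the function returns 0 whether or not the set exists. `reload` uses that answer to choose between the live set and the `_init_` staging set, so a wrong answer changes what gets loaded. `$1` is also unquoted; I would write the line as `$IPSET -n list "$1" >/dev/null 2>&1`. Separately, `sets` no longer honours a type argument, so any caller outside these hunks that still passes one would get every set name back. A one-line comment on `set_lists` such as `# print only the names of list:set sets` would make the sed script easier to audit.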
@@ -45,7 +49,7 @@ start() {
stop() {
ebegin "Flushing firewall IP sets"
- for name in $(sets list:set); do
+ for name in $(set_lists); do
ipset destroy $name
done
@@ -81,35 +85,35 @@ save() {
reload() {
ebegin "Loading firewall IP sets"
- local swap=
- for name in $(set_files); do
- local new=$name
- if set_exists $name; then
- new=_init_$name
- swap="$swap $name"
- fi
- ipset create $new $(set_file $name | head -n 1)
- done
+ (
+ local swap=
+ for name in $(set_files); do
+ local new=$name
+ if set_exists $name; then
+ new=_init_$name
+ swap="$swap $name"
+ fi
+ echo create $new $(set_file $name | head -n 1)
+ done
- for name in $(set_files); do
- local new=$name
- set_exists _init_$name && new=_init_$name
- set_file $name | tail -n +2 | while read m; do
- ipset add $new $m
+ for name in $(set_files); do
+ local new=$name
+ set_exists _init_$name && new=_init_$name
+ set_file $name | sed "1d;s/^/add $new /"
done
- done
- for name in $swap; do
- ipset swap $name _init_$name
- done
+ for name in $swap; do
+ echo swap $name _init_$name
+ done
- for name in $(sets list:set); do
- [ -f $DIR/$name ] || ipset destroy $name
- done
+ for name in $(set_lists); do
+ [ -f $DIR/$name ] || echo destroy $name
+ done
- for name in $(sets); do
- [ -f $DIR/$name ] || ipset destroy $name
- done
+ for name in $(sets); do
+ [ -f $DIR/$name ] || echo destroy $name
+ done
+ ) | ipset restore
eend $STATUS
}
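Review bot: The second loop's `set_exists _init_$name` now races with `ipset restore`, because the `create _init_$name` line is only written to the pipe and the staging set exists in the kernel only once restore has processed it. When the check runs too early, the `add` lines target the live set instead of the staging set, so restore would either fail on duplicate entries or the later `swap` would bring in an empty set, leaving a firewall set empty after reload. Reusing the first loop's decision avoids querying the kernel mid-stream, e.g. `case " $swap " in *" $name "*) new=_init_$name ;; esac`. The exit status of `ipset restore` is also not captured in the visible lines, so `eend $STATUS` may report success after a partially applied restore; STATUS is presumably set outside this hunk.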