781df4abe4a1471b86381ea7b79c4ab9fc54cedb
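# Resolve the firewall binaries from PATH once at startup. `command -v` is the
# POSIX builtin equivalent of `which`, so no external program is spawned and
# the lookup behaves the same on systems where `which` is absent or prints
# extra output. Either variable is left empty when the tool is not installed;
# later `$IPTABLES ...` / `$IP6TABLES ...` invocations then fail instead of
# running anything.
IPTABLES=$(command -v iptables)
IP6TABLES=$(command -v ip6tables)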
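#######################################
# Print the given files (or stdin when none are given) with shell-style
# comments stripped: everything from `#` to end of line is removed, and any
# line that is then blank is dropped. Intended for .cidr list files, so the
# `#` handling is deliberately naive (no quoting rules).
# Arguments: $@ - zero or more input files
# Outputs:   filtered content on stdout
# Returns:   sed's exit status
#######################################
decommentcat() {
  # [[:space:]] is the POSIX spelling of GNU sed's \s, so this also works with
  # BSD sed; `--` stops option parsing for filenames that start with '-'.
  sed -e 's/[[:space:]]*#.*$//' -e '/^[[:space:]]*$/d' -- "$@"
}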
13 function create_set
(){
16 if ! $IPSET list
"${set_name}" >/dev
/null
2>&1
18 echo "creating set '${set_name}'"
19 $IPSET create
"${set_name}" "$@"
23 function insert_setmatch_rules
(){
24 local ipt set_name
="$1"
28 eval ipt
="\$IP${v}TABLES"
29 if ! $ipt -C INPUT
-m set --match-set "${set_name}${v}" src
"$@" >/dev
/null
2>&1
31 echo "initializing rule '${set_name}${v}'"
32 $ipt -I INPUT
-m set --match-set "${set_name}${v}" src
"$@"
37 function reload_cidr_sets
(){
40 # init new temporary sets
41 echo "updating set '${set_name}'"
43 create_set
"${set_name}-tmp" hash:net
44 create_set
"${set_name}6-tmp" hash:net family inet6
47 for sfx
in '' .
$(hostname -s)
49 cidrfile
="${set_name}.cidr${sfx}"
50 if [ -e "${cidrfile}" ]
52 for s
in $(decommentcat "${cidrfile}")
55 *.
*) table
="${set_name}-tmp" ;;
56 *:*) table
="${set_name}6-tmp" ;;
58 echo "unknown entry '${s}' in '${cidrfile}'" 1>&2
62 $IPSET add
"${table}" "${s}"
71 $IPSET swap
"${n}-tmp" "${n}"
72 $IPSET destroy
"${n}-tmp"