add counters to drop sets

[firewall-squeep] / common.sh

diff --git a/common.sh b/common.sh
index 1309518af3bce28ffed72d4eb3c72be87ba6d3da..312ecdb0c75e10ce793857cd92c41484615f1264 100644 (file)
--- a/common.sh
+++ b/common.sh
@@ -5,6 +5,18 @@ set -e
 IPTABLES=$(which iptables)
 IP6TABLES=$(which ip6tables)
 IPSET=$(which ipset)
+TC=$(which tc)
+
+err(){
+       echo "$@" 1>&2
+}
+
+die(){
+       local status=$1
+       shift
+       err "$@"
+       exit ${status}
+}
 
 function decommentcat(){
        sed 's/\s*#.*$//;/^\s*$/d' "$@"
@@ -68,12 +80,13 @@ function insert_setmatch_rules(){
 
 function reload_cidr_sets(){
        local set_name="$1"
+       shift
 
        # init new temporary sets
        echo "updating set '${set_name}'"
 
-       create_set "${set_name}-tmp" hash:net
-       create_set "${set_name}6-tmp" hash:net family inet6
+       create_set "${set_name}-tmp" hash:net "$@"
+       create_set "${set_name}6-tmp" hash:net "$@" family inet6
 
        # populate them
        for sfx in '' .$(hostname -s)
@@ -114,7 +127,7 @@ function add_service_entry(){
 }
 
 function allow_services(){
-       local s proto port
+       local s
        for s in "$@"
        do
                case "${s}" in