projects / firewall-squeep / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
xeno add
[firewall-squeep] / common.sh
diff --git a/common.sh b/common.sh
index b3bcda876348f8c4b3b25ec2129ebea0063d1171..5c2ed1a56e052dc5b53a08e20dfeb4e4099e49d0 100644 (file)
--- a/common.sh
+++ b/common.sh
@@ -92,7 +92,7 @@ function ipset_restore_from_cidr(){
                # extract existing set configuration to create temporary set
                (set -o pipefail; $IPSET save "${set_name}${v}" 2>/dev/null | grep -m 1 '^create ' | sed "s/\(create ${set_name}${v}\)/\1-tmp/") || continue
                # populate with new data
-               decommentcat "${set_name}.cidr" "${set_name}.cidr.$(hostname -s)" 2>/dev/null | sed -n 's/\(.*'"${vmatch}"'.*\)/add '"${set_name}${v}-tmp"' \1/p'
+               decommentcat "${set_name}.cidr" "${set_name}.cidr.$(hostname -s)" 2>/dev/null | sed -n 's/\(.*'"${vmatch}"'.*\)/add '"${set_name}${v}-tmp"' \1/p' | sort -n | uniq
        done
 }
 
@@ -166,7 +166,7 @@ function allow_services(){
                case "${s}" in
                */*)    add_service_entry "${s}"
                        ;;
-               *)      for svc in $(getent services "${s}" | awk '{print $2}')
+               *)      for svc in $(egrep "^${s}\s+" /etc/services | decommentcat | awk '{print $2}')
                        do
                                add_service_entry "${svc}"
                        done
squeep firewall skeleton - very basic initialization scripts for edge servers