}
function insert_setmatch_rules(){
+ local single=0
+ if [ "x$1" = "x-single-set" ]
+ then
+ single=1
+ shift
+ fi
local ipt set_name="$1"
shift
for v in '' '6'
do
eval ipt="\$IP${v}TABLES"
+ if [ $single -eq 1 ]
+ then
+ v=''
+ fi
if ! $ipt -C INPUT -m set --match-set "${set_name}${v}" src "$@" >/dev/null 2>&1
then
echo "initializing rule '${set_name}${v}'"
done
}
+function add_service_entry(){
+ local port/proto
+ port=$(echo "${s}" | cut -d/ -f1)
+ proto=$(echo "${s}" | cut -d/ -f2)
+ $IPSET -exist add allowed_${proto} ${port}
+}
+
+function allow_services(){
+ local s proto port
+ for s in "$@"
+ do
+ case "${s}" in
+ */*) add_service_entry "${s}"
+ ;;
+ *) for svc in $(getent services "${s}" | awk '{print $2}')
+ do
+ add_service_entry "${svc}"
+ done
+ ;;
+ esac
+ done
+}
+
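Review bot: `local port/proto` on the second line of add_service_entry is not a valid identifier, so bash reports an error there (and aborts the script if it runs under `set -e`), and the function then reads the caller's `${s}` instead of its own argument, so in the `*)` branch of allow_services, where it is called with `"${svc}"` from getent, it splits the bare service name rather than a `port/proto` pair and issues `ipset add allowed_<name> <name>`. Declare the locals separately, take the entry from `$1`, and quote the expansions handed to `$IPSET` so a malformed entry cannot word-split into extra ipset arguments; the parameter expansions below replace the `echo | cut` pipelines for the same first-field/second-field split. In allow_services, `svc` should also be declared `local` next to `s proto port`, since it is otherwise left as a global after the loop. The context lines of insert_setmatch_rules above end at `echo "initializing rule ..."` with no rule-adding command and no `fi`, which looks like a truncated listing rather than part of the change; the hunk's own boundaries are not visible here.
```shell
function add_service_entry(){
 local entry="$1" port proto
 port="${entry%%/*}"
 proto="${entry#*/}"
 $IPSET -exist add "allowed_${proto}" "${port}"
}
```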