add counters to drop sets
[firewall-squeep] / sinokorea.sh
index b8edefd02aeeadcf8b5fd3e6151e9cd3a6ae86f4..9c63f6614affb00bf2603f88e46851ade81b7e13 100755 (executable)
@@ -31,8 +31,8 @@ then
        $IPTABLES -L "${chain}"
 fi
 
-create_set sinokorea hash:net
-create_set sinokorea6 hash:net family inet6
+create_set sinokorea hash:net counters
+create_set sinokorea6 hash:net counters family inet6
 
 CURL_OPTS=''
 if [ -e "${cidr_file}" ]
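Review bot: On a host where `sinokorea` and `sinokorea6` already exist without the extension, the two `create_set ... counters` lines may have no effect, because ipset fixes a set's extensions when the set is created and an existing set must be destroyed or swapped out before it can carry counters. `create_set` is defined outside this hunk, so I cannot confirm whether it recreates a mismatched set or keeps the old one; if it keeps it, the script would run cleanly while recording no hits. I would add a comment above these lines such as `# counters is fixed at set creation; pre-existing sets must be recreated to gain it`, and verify after deployment that `ipset list sinokorea` shows `counters` in its Header line. The same caveat applies to `reload_cidr_sets sinokorea counters` in the second hunk: if that helper rebuilds the set on each refresh, the packet and byte counts restart on every run, which should be documented for anyone reading them as cumulative totals.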
@@ -42,5 +42,5 @@ fi
 (set -o pipefail; curl -sfL ${CURL_OPTS} "${badcidrs_url}" | decommentcat | awk '{print $1}' > "${cidr_file}") || die 1 "failed to fetch list"
 
 insert_setmatch_rules sinokorea -m multiport -p tcp --dports ssh,smtp -j xenophobe
-reload_cidr_sets sinokorea
+reload_cidr_sets sinokorea counters