streamlined more common functionality

[firewall-squeep] / xenophobe.sh

diff --git a/xenophobe.sh b/xenophobe.sh
index 631c49275aa69dae4c945189f934c820aeaac59b..91d250a3eb3e6748ecd5075e750ed39a5c3c998c 100755 (executable)
--- a/xenophobe.sh
+++ b/xenophobe.sh
@@ -38,39 +38,7 @@ then
        $IP6TABLES -v -L "${chain}"
 fi
 
-if ! $IPTABLES -C INPUT -m set --match-set "${set_name}" src -j "${chain}" >/dev/null 2>&1
-then
-       echo "initializing rule '${set_name}'"
-       $IPTABLES -I INPUT -m set --match-set "${set_name}" src -j "${chain}"
-fi
-
-if ! $IP6TABLES -C INPUT -m set --match-set "${set_name}6" src -j "${chain}" >/dev/null 2>&1
-then
-       echo "initializing rule '${set_name}6'"
-       $IP6TABLES -I INPUT -m set --match-set "${set_name}6" src -j "${chain}"
-fi
-
-# init new temporary set
-if [ -e "${set_name}.cidr" ]
-then
-       echo "updating set '${set_name}'"
-       $IPSET create "${set_name}-tmp" hash:net
-       for s in $(decommentcat "${set_name}.cidr" | grep '\.')
-       do
-               $IPSET add "${set_name}-tmp" "${s}"
-       done
-       $IPSET swap "${set_name}-tmp" "${set_name}"
-       $IPSET destroy "${set_name}-tmp"
-       $IPSET list -t "${set_name}"
+insert_setmatch_rules "${set_name}" -j "${chain}"
 
-       echo "updating set '${set_name}'"
-       $IPSET create "${set_name}6-tmp" hash:net family inet6
-       for s in $(decommentcat "${set_name}.cidr" | grep '\:')
-       do
-               $IPSET add "${set_name}6-tmp" "${s}"
-       done
-       $IPSET swap "${set_name}6-tmp" "${set_name}6"
-       $IPSET destroy "${set_name}6-tmp"
-       $IPSET list -t "${set_name}6"
-fi
+reload_cidr_sets "${set_name}"