exit 0
fi
-create_set "${set_name}" hash:net
-create_set "${set_name}6" hash:net family inet6
+create_set "${set_name}" hash:net counters
+create_set "${set_name}6" hash:net counters family inet6
# create or re-init chains
-if ! $IPTABLES -L "${chain}" >/dev/null
+if ! $IPTABLES -L "${chain}" >/dev/null 2>&1
then
echo "initializing chain '${chain}'"
$IPTABLES -N "${chain}" || $IPTABLES -F "${chain}"
$IPTABLES -v -L "${chain}"
fi
-if ! $IP6TABLES -L "${chain}" >/dev/null
+if ! $IP6TABLES -L "${chain}" >/dev/null 2>&1
then
echo "initializing chain '${chain}' ipv6"
$IP6TABLES -N "${chain}" || $IP6TABLES -F "${chain}"
$IP6TABLES -v -L "${chain}"
fi
-if ! $IPTABLES -C INPUT -m set --match-set "${set_name}" src -j "${chain}" >/dev/null 2>&1
-then
- echo "initializing rule '${set_name}'"
- $IPTABLES -I INPUT -m set --match-set "${set_name}" src -j "${chain}"
-fi
-
-if ! $IP6TABLES -C INPUT -m set --match-set "${set_name}6" src -j "${chain}" >/dev/null 2>&1
-then
- echo "initializing rule '${set_name}6'"
- $IP6TABLES -I INPUT -m set --match-set "${set_name}6" src -j "${chain}"
-fi
-
-# init new temporary set
-if [ -e "${set_name}.cidr" ]
-then
- echo "updating set '${set_name}'"
- $IPSET create "${set_name}-tmp" hash:net
- for s in $(decommentcat "${set_name}.cidr" | grep '\.')
- do
- $IPSET add "${set_name}-tmp" "${s}"
- done
- $IPSET swap "${set_name}-tmp" "${set_name}"
- $IPSET destroy "${set_name}-tmp"
- $IPSET list -t "${set_name}"
+insert_setmatch_rules "${set_name}" -j "${chain}"
- echo "updating set '${set_name}'"
- $IPSET create "${set_name}6-tmp" hash:net family inet6
- for s in $(decommentcat "${set_name}.cidr" | grep '\:')
- do
- $IPSET add "${set_name}6-tmp" "${s}"
- done
- $IPSET swap "${set_name}6-tmp" "${set_name}6"
- $IPSET destroy "${set_name}6-tmp"
- $IPSET list -t "${set_name}6"
-fi
+reload_cidr_sets "${set_name}" counters
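Review bot: The `2>&1` added to the two `-L "${chain}"` probes hides why a probe failed, while every non-zero exit is still treated as "chain missing". If the listing fails for another reason, such as the xtables lock being held by a concurrent run or missing privileges, the branch runs `-N "${chain}" || -F "${chain}"`: `-N` fails on the existing chain and `-F` empties it, so the set-match jump would presumably land in an empty chain and stop filtering, with no message. A narrower probe keeps the quiet output and removes the most likely false negative: `if ! $IPTABLES -w -n -L "${chain}" >/dev/null 2>&1` (and the same for `$IP6TABLES`), where `-w` waits for the lock and `-n` skips reverse lookups, unless `$IPTABLES` already carries those flags. The hunk header and the place where the chain's rules are added are not visible here, so the impact is inferred from the visible lines.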