X-Git-Url: http://git.squeep.com/?p=firewall-squeep;a=blobdiff_plain;f=common.sh;h=781df4abe4a1471b86381ea7b79c4ab9fc54cedb;hp=4bb66ff664b0a8be18b419a9eda030f0abc78680;hb=cfde4971df11b411615d4e133a372a6d51d7ad97;hpb=0f864e054ebdb2c6606721dc49db867fe93cb61e
diff --git a/common.sh b/common.sh
index 4bb66ff..781df4a 100644
--- a/common.sh
+++ b/common.sh
@@ -20,3 +20,57 @@ function create_set(){
   fi
 }
+function insert_setmatch_rules(){
+  local ipt set_name="$1"
+  shift
+  for v in '' '6'
+  do
+    eval ipt="\$IP${v}TABLES"
+    if ! $ipt -C INPUT -m set --match-set "${set_name}${v}" src "$@" >/dev/null 2>&1
+    then
+      echo "initializing rule '${set_name}${v}'"
+      $ipt -I INPUT -m set --match-set "${set_name}${v}" src "$@"
+    fi
+  done
+}
+
+function reload_cidr_sets(){
+  local set_name="$1"
+
+  # init new temporary sets
+  echo "updating set '${set_name}'"
+
+  create_set "${set_name}-tmp" hash:net
+  create_set "${set_name}6-tmp" hash:net family inet6
+
+  # populate them
+  for sfx in '' .$(hostname -s)
+  do
+    cidrfile="${set_name}.cidr${sfx}"
+    if [ -e "${cidrfile}" ]
+    then
+      for s in $(decommentcat "${cidrfile}")
+      do
+        case "${s}" in
+          *.*) table="${set_name}-tmp" ;;
+          *:*) table="${set_name}6-tmp" ;;
+          *)
+            echo "unknown entry '${s}' in '${cidrfile}'" 1>&2
+            continue
+            ;;
+        esac
+        $IPSET add "${table}" "${s}"
+      done
+    fi
+  done
+
+  # take new sets live
+  for v in '' 6
+  do
+    n="${set_name}${v}"
+    $IPSET swap "${n}-tmp" "${n}"
+    $IPSET destroy "${n}-tmp"
+    $IPSET list -t "${n}"
+  done
+}
+
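Review bot: In reload_cidr_sets the exit status of `$IPSET add "${table}" "${s}"` is never checked, so a malformed or rejected entry in the .cidr file only prints ipset's own error and the partially populated -tmp set is still swapped live, silently shrinking the match set that the INPUT rules from insert_setmatch_rules depend on. A minimal guard is `local failed=` at the top, `$IPSET add "${table}" "${s}" || { printf 'failed to add %s to %s\n' "${s}" "${table}" >&2; failed=1; }` in the inner loop, and `[ -z "${failed}" ] || return 1` before the "take new sets live" loop, so an incomplete set never replaces the current one (the leftover -tmp sets then need destroying on that path too). The unquoted `$(decommentcat "${cidrfile}")` and `.$(hostname -s)` also undergo glob expansion and word splitting; a `while IFS= read -r s` loop over the file, or `set -f` around the expansion, keeps file contents from being interpreted as patterns. The hunk's two context lines belong to create_set, whose body starts outside the hunk.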