X-Git-Url: http://git.squeep.com/?p=firewall-squeep;a=blobdiff_plain;f=common.sh;h=f8860fcb1adf50868d549a147cfeb5f57ef23ea9;hp=781df4abe4a1471b86381ea7b79c4ab9fc54cedb;hb=26febd7376e8c1679d5d088d71d73bc64585ec1e;hpb=a09ac8bca620bfec98186a8ec041136e31abb3bd
diff --git a/common.sh b/common.sh
index 781df4a..f8860fc 100644
--- a/common.sh
+++ b/common.sh
@@ -21,11 +21,21 @@ function create_set(){
 }
 function insert_setmatch_rules(){
+ local single=0
+ if [ "x$1" = "x-single-set" ]
+ then
+ single=1
+ shift
+ fi
 local ipt set_name="$1"
 shift
 for v in '' '6'
 do
 eval ipt="\$IP${v}TABLES"
+ if [ $single -eq 1 ]
+ then
+ v=''
+ fi
 if ! $ipt -C INPUT -m set --match-set "${set_name}${v}" src "$@" >/dev/null 2>&1
 then
 echo "initializing rule '${set_name}${v}'"
@@ -74,3 +84,26 @@ function reload_cidr_sets(){
 done
 }
+function add_service_entry(){
+ local port/proto
+ port=$(echo "${s}" | cut -d/ -f1)
+ proto=$(echo "${s}" | cut -d/ -f2)
+ $IPSET -exist add allowed_${proto} ${port}
+}
+
+function allow_services(){
+ local s proto port
+ for s in "$@"
+ do
+ case "${s}" in
+ */*) add_service_entry "${s}"
+ ;;
+ *) for svc in $(getent services "${s}" | awk '{print $2}')
+ do
+ add_service_entry "${svc}"
+ done
+ ;;
+ esac
+ done
+}
+
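Review bot: The new `-single-set` switch at the top of insert_setmatch_rules is undocumented and is only recognised when it is the first argument; a header comment such as `# insert_setmatch_rules [-single-set] SET_NAME [match args...]: with -single-set the un-suffixed set is matched from both iptables and ip6tables` would make that contract explicit. The flag presumably exists for family-neutral sets such as the `allowed_${proto}` port sets added later in this commit, so the comment should say that an address set created for one family must not be passed with it. Inside the loop, `[ $single -eq 1 ]` is better quoted as `[ "$single" -eq 1 ]`, and overwriting the loop variable `v` after it has selected the binary is easy to misread; a separate suffix variable would keep the two roles apart. The function body continues past the end of the hunk.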
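Review bot: add_service_entry ignores its argument and reads the caller's `${s}`, so in the `*)` branch of allow_services each `port/proto` pair returned by getent is discarded and the bare service name is split instead; `cut` passes a line without `/` through whole, which yields something like `allowed_ssh ssh` rather than an entry in the intended set. `local port/proto` is also not a valid identifier list, so `local` fails and `port` and `proto` end up as globals. The rewrite below takes `$1`, declares both locals and quotes the ipset arguments; because the set name is built from caller-supplied text, checking `proto` against the sets that actually exist before calling ipset would be a sensible addition. In allow_services, `svc` should join the `local` list, where `proto` and `port` are declared but never used.

```shell
function add_service_entry(){
	local port proto
	# Split the function's own argument ("port/proto"), not the caller's loop variable.
	port="${1%%/*}"
	proto="${1#*/}"
	$IPSET -exist add "allowed_${proto}" "${port}"
}
# … unchanged: allow_services, apart from adding svc to its local list …
```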