From 7d8df9591bffec6168521f59b40fab44097ca9b7 Mon Sep 17 00:00:00 2001
From: Justin Wind
Date: Thu, 9 Feb 2017 14:38:37 -0800
Subject: [PATCH] add counters to drop sets

---
 common.sh | 7 ++++---
 sinokorea.sh | 6 +++---
 xenophobe.sh | 6 +++---
 3 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/common.sh b/common.sh
index 1e40677..312ecdb 100644
--- a/common.sh
+++ b/common.sh
@@ -80,12 +80,13 @@ function insert_setmatch_rules(){
 function reload_cidr_sets(){
 local set_name="$1"
+shift
 
 # init new temporary sets
 echo "updating set '${set_name}'"
-create_set "${set_name}-tmp" hash:net
-create_set "${set_name}6-tmp" hash:net family inet6
+create_set "${set_name}-tmp" hash:net "$@"
+create_set "${set_name}6-tmp" hash:net "$@" family inet6
 
 # populate them
 for sfx in '' .$(hostname -s)
@@ -126,7 +127,7 @@ function add_service_entry(){
 }
 
 function allow_services(){
-local s proto port
+local s
 for s in "$@"
 do
 case "${s}" in
diff --git a/sinokorea.sh b/sinokorea.sh
index b8edefd..9c63f66 100755
--- a/sinokorea.sh
+++ b/sinokorea.sh
@@ -31,8 +31,8 @@ then
 $IPTABLES -L "${chain}"
 fi
 
-create_set sinokorea hash:net
-create_set sinokorea6 hash:net family inet6
+create_set sinokorea hash:net counters
+create_set sinokorea6 hash:net counters family inet6
 
 CURL_OPTS=''
 if [ -e "${cidr_file}" ]
@@ -42,5 +42,5 @@ fi
 (set -o pipefail; curl -sfL ${CURL_OPTS} "${badcidrs_url}" | decommentcat | awk '{print $1}' > "${cidr_file}") || die 1 "failed to fetch list"
 
 insert_setmatch_rules sinokorea -m multiport -p tcp --dports ssh,smtp -j xenophobe
-reload_cidr_sets sinokorea
+reload_cidr_sets sinokorea counters
diff --git a/xenophobe.sh b/xenophobe.sh
index d3edecb..b4470ca 100755
--- a/xenophobe.sh
+++ b/xenophobe.sh
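Review bot: The new pass-through of `"$@"` in reload_cidr_sets is undocumented — the added `shift` is the only hint that everything after the set name is forwarded verbatim to create_set for the temporary sets — so a header comment such as `# usage: reload_cidr_sets SET_NAME [extra create_set options...]` followed by `# the extra options are applied to the *-tmp sets only and should match those the live set was created with` would make the contract explicit for callers. The function continues past this hunk, so whether the temporary set is later swapped into the live one cannot be confirmed here; if it is, it is worth noting in the same comment that any per-entry counters restart from zero on every reload, which matters to anyone reading them for monitoring. The extra options are spliced in before `family inet6` on the second create_set call, an ordering callers cannot influence; presumably acceptable to ipset, but a one-line comment saying so would save the next reader a check.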
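Review bot: The literal `counters` is now written three times in this file (both create_set calls in this hunk and the reload_cidr_sets call at the end of the file), and the same triplication is repeated in xenophobe.sh; since the temporary sets that reload_cidr_sets builds presumably have to carry the same options as the live set for the refresh to succeed, a single definition such as `set_opts=(counters)` used as `create_set sinokorea hash:net "${set_opts[@]}"` and `reload_cidr_sets sinokorea "${set_opts[@]}"` keeps the two from drifting apart. The `counters` option also depends on the installed ipset and kernel supporting that extension, in which case create_set will fail outright on older hosts; a short comment on the first create_set line stating the requirement would help whoever deploys this.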
@@ -16,8 +16,8 @@ then
 exit 0
 fi
 
-create_set "${set_name}" hash:net
-create_set "${set_name}6" hash:net family inet6
+create_set "${set_name}" hash:net counters
+create_set "${set_name}6" hash:net counters family inet6
 
 # create or re-init chains
 if ! $IPTABLES -L "${chain}" >/dev/null 2>&1
@@ -40,5 +40,5 @@ fi
 
 insert_setmatch_rules "${set_name}" -j "${chain}"
-reload_cidr_sets "${set_name}"
+reload_cidr_sets "${set_name}" counters
-- 
2.43.2