From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH 09/12] rules.pl: Do not try to restore the same ipset
 multiple times.
Date: Mon, 14 Feb 2022 21:05:44 +0000
Message-ID: <0f18a04f-4a5d-6203-3ae9-986b7deeb167@ipfire.org>
In-Reply-To: <20220214184257.2406-9-stefan.schantl@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============7677342812120050625=="
List-Id: <development.lists.ipfire.org>

--===============7677342812120050625==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>

> When an ipset list get restored, this now will be documented in a hash
> and this hash also will be checked before restoring a list if this has
> not be done previously.
>=20
> This will prevent from restoring the same list multiple times.
>=20
> Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
> ---
>  config/firewall/rules.pl | 31 +++++++++++++++++++++++++------
>  1 file changed, 25 insertions(+), 6 deletions(-)
>=20
> diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
> index d533ffb42..29990ee67 100644
> --- a/config/firewall/rules.pl
> +++ b/config/firewall/rules.pl
> @@ -70,6 +70,7 @@ my %confignatfw=3D();
>  my %locationsettings =3D (
>  	"LOCATIONBLOCK_ENABLED" =3D> "off"
>  );
> +my %loaded_ipset_lists=3D();
> =20
>  my @p2ps=3D();
> =20
> @@ -405,8 +406,14 @@ sub buildrules {
>  						# Grab location code from hash.
>  						my $loc_src =3D $$hash{$key}[4];
> =20
> -						# Call function to load the networks list for this country.
> -						&ipset_restore($loc_src);
> +						# Check if the network list for this country already has been loaded.
> +						unless($loaded_ipset_lists{$loc_src}) {
> +							# Call function to load the networks list for this country.
> +							&ipset_restore($loc_src);
> +
> +							# Store to the hash that this list has been loaded.
> +							$loaded_ipset_lists{$loc_src} =3D "1";
> +						}
> =20
>  						push(@source_options, $source);
>  					} elsif($source) {
> @@ -419,8 +426,14 @@ sub buildrules {
>  						# Grab location code from hash.
>  						my $loc_dst =3D $$hash{$key}[6];
> =20
> -						# Call function to load the networks list for this country.
> -						&ipset_restore($loc_dst);
> +						# Check if the network list for this country already has been loaded.
> +						unless($loaded_ipset_lists{$loc_dst}) {
> +							# Call function to load the networks list for this country.
> +							&ipset_restore($loc_dst);
> +
> +							# Store to the hash that this list has been loaded.
> +							$loaded_ipset_lists{$loc_dst} =3D "1";
> +						}
> =20
>  						push(@destination_options,  $destination);
>  					} elsif ($destination) {
> @@ -683,8 +696,14 @@ sub locationblock {
>  	# is enabled.
>  	foreach my $location (@locations) {
>  		if(exists $locationsettings{$location} && $locationsettings{$location} e=
q "on") {
> -			# Call function to load the networks list for this country.
> -			&ipset_restore($location);
> +			# Check if the network list for this country already has been loaded.
> +			unless($loaded_ipset_lists{$location}) {
> +				# Call function to load the networks list for this country.
> +				&ipset_restore($location);
> +
> +				# Store to the hash that this list has been loaded.
> +				$loaded_ipset_lists{$location} =3D "1";
> +			}
> =20
>  			# Call iptables and create rule to use the loaded ipset list.
>  			run("$IPTABLES -A LOCATIONBLOCK -m set --match-set CC_$location src -j =
DROP");

--===============7677342812120050625==--