From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stefan Schantl To: development@lists.ipfire.org Subject: [PATCH] rules.pl: Adjust check against loading the same lists multiple times. Date: Thu, 17 Feb 2022 06:40:03 +0100 Message-ID: <20220217054003.7080-1-stefan.schantl@ipfire.org> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3375874983441266230==" List-Id: --===============3375874983441266230== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This check now has been moved to the ipset_restore() function, which will help to keep the code clean and maintain-able. Signed-off-by: Stefan Schantl --- config/firewall/rules.pl | 43 ++++++++++++++++------------------------ 1 file changed, 17 insertions(+), 26 deletions(-) diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl index 25d01e0e3..927c1f2ba 100644 --- a/config/firewall/rules.pl +++ b/config/firewall/rules.pl @@ -404,14 +404,8 @@ sub buildrules { # Grab location code from hash. my $loc_src =3D $$hash{$key}[4]; =20 - # Check if the network list for this country already has been loaded. - unless($loaded_ipset_lists{$loc_src}) { - # Call function to load the networks list for this country. - &ipset_restore($loc_src); - - # Store to the hash that this list has been loaded. - $loaded_ipset_lists{$loc_src} =3D "1"; - } + # Call function to load the networks list for this country. + &ipset_restore($loc_src); =20 push(@source_options, $source); } elsif($source) { @@ -424,14 +418,8 @@ sub buildrules { # Grab location code from hash. my $loc_dst =3D $$hash{$key}[6]; =20 - # Check if the network list for this country already has been loaded. - unless($loaded_ipset_lists{$loc_dst}) { - # Call function to load the networks list for this country. - &ipset_restore($loc_dst); - - # Store to the hash that this list has been loaded. - $loaded_ipset_lists{$loc_dst} =3D "1"; - } + # Call function to load the networks list for this country. + &ipset_restore($loc_dst); =20 push(@destination_options, $destination); } elsif ($destination) { @@ -677,14 +665,8 @@ sub locationblock { # is enabled. foreach my $location (@locations) { if(exists $locationsettings{$location} && $locationsettings{$location} eq = "on") { - # Check if the network list for this country already has been loaded. - unless($loaded_ipset_lists{$location}) { - # Call function to load the networks list for this country. - &ipset_restore($location); - - # Store to the hash that this list has been loaded. - $loaded_ipset_lists{$location} =3D "1"; - } + # Call function to load the networks list for this country. + &ipset_restore($location); =20 # Call iptables and create rule to use the loaded ipset list. run("$IPTABLES -A LOCATIONBLOCK -m set --match-set CC_$location src -j DR= OP"); @@ -906,14 +888,23 @@ sub firewall_is_in_subnet { } =20 sub ipset_restore ($) { - my ($ccode) =3D @_; + my ($list) =3D @_; =20 my $file_prefix =3D "ipset4"; - my $db_file =3D "$Location::Functions::ipset_db_directory/$ccode.$file_pref= ix"; + my $db_file =3D "$Location::Functions::ipset_db_directory/$list.$file_prefi= x"; + + # Check if the network list already has been loaded. + if($loaded_ipset_lists{$list}) { + # It already has been loaded - so there is nothing to do. + return; + } =20 # Check if the generated file exists. if (-f $db_file) { # Run ipset and restore the list of the given country code. run("$IPSET restore < $db_file"); + + # Store the restored list name to the hash to prevent from loading it agai= n. + $loaded_ipset_lists{$list} =3D "1"; } } --=20 2.30.2 --===============3375874983441266230==--