* [PATCH 1/2] rules.pl: Autodetect ipset db file to restore.
@ 2022-03-02 19:43 Stefan Schantl
2022-03-02 19:43 ` [PATCH 2/2] firewall-lib.pl: Remove prefix when dealing with ipset sets Stefan Schantl
0 siblings, 1 reply; 3+ messages in thread
From: Stefan Schantl @ 2022-03-02 19:43 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1403 bytes --]
This commit allows the ipset_restore() function to auto-detect
which set file needs to be restored.
Currently it is limitated to country codes only, because we currently
does not support anything else.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
config/firewall/rules.pl | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index b12764d18..b8c602538 100644
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -945,8 +945,9 @@ sub ipset_get_sets () {
sub ipset_restore ($) {
my ($set) = @_;
- my $file_prefix = "ipset4";
- my $db_file = "$Location::Functions::ipset_db_directory/$set.$file_prefix";
+ # Empty variable to store the db file, which should be
+ # restored by ipset.
+ my $db_file;
# Check if the set already has been loaded.
if($ipset_loaded_sets{$set}) {
@@ -954,6 +955,15 @@ sub ipset_restore ($) {
return;
}
+ # Check if the given set name is a country code.
+ if($set ~~ @locations) {
+ # Libloc adds "ipset4" as prefix to all exported IPv4 data.
+ my $file_prefix = "ipset4";
+
+ # Generate full path and filename for the ipset db file to restore.
+ $db_file = "$Location::Functions::ipset_db_directory/$set.$file_prefix";
+ }
+
# Check if the generated file exists.
if (-f $db_file) {
# Run ipset and restore the given set.
--
2.30.2
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH 2/2] firewall-lib.pl: Remove prefix when dealing with ipset sets.
2022-03-02 19:43 [PATCH 1/2] rules.pl: Autodetect ipset db file to restore Stefan Schantl
@ 2022-03-02 19:43 ` Stefan Schantl
2022-03-03 15:10 ` Michael Tremer
0 siblings, 1 reply; 3+ messages in thread
From: Stefan Schantl @ 2022-03-02 19:43 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1018 bytes --]
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
config/firewall/firewall-lib.pl | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/config/firewall/firewall-lib.pl b/config/firewall/firewall-lib.pl
index f4089a3a0..7d35d5686 100644
--- a/config/firewall/firewall-lib.pl
+++ b/config/firewall/firewall-lib.pl
@@ -466,7 +466,7 @@ sub get_address
# Get external interface.
my $external_interface = &get_external_interface();
- push(@ret, ["-m set --match-set CC_$value src", "$external_interface"]);
+ push(@ret, ["-m set --match-set $value src", "$external_interface"]);
}
# Handle rule options with a location as target.
@@ -476,7 +476,7 @@ sub get_address
# Get external interface.
my $external_interface = &get_external_interface();
- push(@ret, ["-m set --match-set CC_$value dst", "$external_interface"]);
+ push(@ret, ["-m set --match-set $value dst", "$external_interface"]);
}
# If nothing was selected, we assume "any".
--
2.30.2
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH 2/2] firewall-lib.pl: Remove prefix when dealing with ipset sets.
2022-03-02 19:43 ` [PATCH 2/2] firewall-lib.pl: Remove prefix when dealing with ipset sets Stefan Schantl
@ 2022-03-03 15:10 ` Michael Tremer
0 siblings, 0 replies; 3+ messages in thread
From: Michael Tremer @ 2022-03-03 15:10 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1537 bytes --]
Hello Stefan,
Thank you for this patch. It is however already obsolete due to my changes to libloc:
https://lists.ipfire.org/pipermail/location/2022-March/000536.html
Could you please send some follow-up patches that update this to the latest naming convention?
Would you also take care of packaging libloc for IPFire 2?
Best,
-Michael
> On 2 Mar 2022, at 19:43, Stefan Schantl <stefan.schantl(a)ipfire.org> wrote:
>
> Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
> ---
> config/firewall/firewall-lib.pl | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/config/firewall/firewall-lib.pl b/config/firewall/firewall-lib.pl
> index f4089a3a0..7d35d5686 100644
> --- a/config/firewall/firewall-lib.pl
> +++ b/config/firewall/firewall-lib.pl
> @@ -466,7 +466,7 @@ sub get_address
> # Get external interface.
> my $external_interface = &get_external_interface();
>
> - push(@ret, ["-m set --match-set CC_$value src", "$external_interface"]);
> + push(@ret, ["-m set --match-set $value src", "$external_interface"]);
> }
>
> # Handle rule options with a location as target.
> @@ -476,7 +476,7 @@ sub get_address
> # Get external interface.
> my $external_interface = &get_external_interface();
>
> - push(@ret, ["-m set --match-set CC_$value dst", "$external_interface"]);
> + push(@ret, ["-m set --match-set $value dst", "$external_interface"]);
> }
>
> # If nothing was selected, we assume "any".
> --
> 2.30.2
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-03-03 15:10 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-02 19:43 [PATCH 1/2] rules.pl: Autodetect ipset db file to restore Stefan Schantl
2022-03-02 19:43 ` [PATCH 2/2] firewall-lib.pl: Remove prefix when dealing with ipset sets Stefan Schantl
2022-03-03 15:10 ` Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox