###--------------------------------------------------------------------------
### Utility chains (used by function definitions).
-m4_divert(22)m4_dnl
+m4_divert(20)m4_dnl
###--------------------------------------------------------------------------
### Basic chain constructions.
*:*) table=${chain%:*} chain=${chain#*:} ;;
*) table=filter ;;
esac
- run ip46tables -t $table -N $chain
+ run ip46tables -t $table -N $chain 2>/dev/null || :
done
}
+## makeset SET TYPE [PARAMS]
+##
+## Ensure that the named ipset exists. Don't clear it.
+makeset () {
+ set -e
+ name=$1; shift
+ if ipset -nL | grep -q "^Name: $name$"; then
+ :
+ else
+ ipset -N "$name" "$@"
+ fi
+}
+
## errorchain CHAIN ACTION ARGS ...
##
## Make a chain which logs a message and then invokes some other action,
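Review bot: In `makeset`, `set -e` is not scoped to the function: it turns errexit on for the whole shell from the first call onwards, so unless the script already runs under `set -e` it changes how every later failure is handled; I would drop it and write `ipset -N "$name" "$@" || return` instead. The existence test interpolates `$name` into a regex, so a set name containing `.` can match a different set, whereas `grep -qxF "Name: $name"` compares the whole line literally. The test also relies on `ipset -nL` printing `Name:` headers, which appears to depend on the ipset version (newer releases treat `-n` as names-only), so it is worth confirming on the target hosts. Separately, the new `2>/dev/null || :` on the `-N` line (in a function that begins outside this hunk) hides every chain-creation failure, not only the already-exists case, and leaves any rules already in an existing chain in place.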
run ip46tables -t $table -A $chain -j DROP
}
-m4_divert(24)m4_dnl
+m4_divert(20)m4_dnl
###--------------------------------------------------------------------------
### Basic option setting.
done
}
-m4_divert(26)m4_dnl
+m4_divert(20)m4_dnl
###--------------------------------------------------------------------------
### Packet filter construction.
-m frag --fragfirst
run ip6tables -A accept-non-init-frag -j ACCEPT
-m4_divert(26)m4_dnl
+m4_divert(20)m4_dnl
## allowservices CHAIN PROTO SERVICE ...
##
## Add rules to allow the SERVICES on the CHAIN.
run ip46tables -A $chain -p udp -g interesting --destination-port $1:$2
}
-m4_divert(28)m4_dnl
+m4_divert(20)m4_dnl
###--------------------------------------------------------------------------
### Packet classification.