fender: New host, with basic firewall.

[firewall] / functions.m4

diff --git a/functions.m4 b/functions.m4
index b2e3cb6..05decbf 100644 (file)
--- a/functions.m4
+++ b/functions.m4
@@ -85,10 +85,23 @@ clearchain () {
       *:*) table=${chain%:*} chain=${chain#*:} ;;
       *) table=filter ;;
     esac
-    run ip46tables -t $table -N $chain
+    run ip46tables -t $table -N $chain 2>/dev/null || :
   done
 }
 
+## makeset SET TYPE [PARAMS]
+##
+## Ensure that the named ipset exists.  Don't clear it.
+makeset () {
+  set -e
+  name=$1; shift
+  if ipset -nL | grep -q "^Name: $name$"; then
+    :
+  else
+    ipset -N "$name" "$@"
+  fi
+}
+
 ## errorchain CHAIN ACTION ARGS ...
 ##
 ## Make a chain which logs a message and then invokes some other action,