X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/blobdiff_plain/6fd217ae2465d315d507e1a58a53d4afa53bde25..45da078e5fc0936d3405377f8a978544913f9b05:/functions.m4 diff --git a/functions.m4 b/functions.m4 index ebc1661..1cd0db5 100644 --- a/functions.m4 +++ b/functions.m4 @@ -109,11 +109,19 @@ clearchain () { makeset () { set -e name=$1; shift - if ipset -nL | grep -q "^Name: $name$"; then - : - else - ipset -N "$name" "$@" - fi + v=$(ipset --version) + createp=t + case "$v" in + "ipset v4"*) + if ipset -nL | grep -q "^Name: $name\$"; then createp=nil; fi + ;; + *) + if ipset -n -L | grep -q "^$name\$"; then createp=nil; fi + ;; + esac + case $createp in + t) ipset -N "$name" "$@" ;; + esac } ## errorchain CHAIN ACTION ARGS ... @@ -355,7 +363,7 @@ m4_divert(20)m4_dnl ### `defnetclass'. ### net_inet_NET List of IPv4 address ranges in the network. ### net_inet6_NET List of IPv6 address ranges in the network. -### net_fwd_NET List of other networks that this one forwards to. +### net_via_NET List of other networks that this one forwards via. ### net_hosts_NET List of hosts known to be in the network. ### host_inet_HOST IPv4 address of the named HOST. ### host_inet6_HOST IPv6 address of the named HOST. @@ -444,7 +452,7 @@ defnetclass () { ## defnet NET CLASS ## -## Define a network. Follow by calls to `addr', `forwards', etc. to define +## Define a network. Follow by calls to `addr', `via', etc. to define ## properties of the network. Networks are processed in order, so if their ## addresses overlap then the more specific addresses should be defined ## earlier. @@ -467,11 +475,11 @@ addr () { done } -## forwards NET ... +## via NET ... ## ## Declare that packets from this network are forwarded to the other NETs. -forwards () { - eval "net_fwd_$net=\"$*\"" +via () { + eval "net_via_$net=\"$*\"" } ## noxit NET ... @@ -721,8 +729,8 @@ net_interfaces () { nextnets="" any=nil for net in $nets; do - eval fwd=\$net_fwd_$net - for n in $fwd; do + eval via=\$net_via_$net + for n in $via; do case $seen in *":$n:"*) continue ;; esac seen=$seen$n: eval noxit=\$net_noxit_$n