X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/blobdiff_plain/a188f54944e56c7588f7ebbabbef3cee19686575..a4d8cae3892c13a32f941ef96b24eaa6930500cb:/functions.m4
diff --git a/functions.m4 b/functions.m4
index b2e3cb6..555072e 100644
--- a/functions.m4
+++ b/functions.m4
@@ -62,7 +62,7 @@ m4_divert(38)m4_dnl
 ###--------------------------------------------------------------------------
 ### Utility chains (used by function definitions).
 
-m4_divert(22)m4_dnl
+m4_divert(20)m4_dnl
 ###--------------------------------------------------------------------------
 ### Basic chain constructions.
 
@@ -85,10 +85,23 @@ clearchain () {
 *:*) table=${chain%:*} chain=${chain#*:} ;;
 *) table=filter ;;
 esac
- run ip46tables -t $table -N $chain
+ run ip46tables -t $table -N $chain 2>/dev/null || :
 done
 }
 
+## makeset SET TYPE [PARAMS]
+##
+## Ensure that the named ipset exists. Don't clear it.
+makeset () {
+ set -e
+ name=$1; shift
+ if ipset -nL | grep -q "^Name: $name$"; then
+ :
+ else
+ ipset -N "$name" "$@"
+ fi
+}
+
 ## errorchain CHAIN ACTION ARGS ...
 ##
 ## Make a chain which logs a message and then invokes some other action,
@@ -109,7 +122,7 @@ errorchain () {
 run ip46tables -t $table -A $chain -j DROP
 }
 
-m4_divert(24)m4_dnl
+m4_divert(20)m4_dnl
 ###--------------------------------------------------------------------------
 ### Basic option setting.
 
@@ -165,7 +178,7 @@ setdevopt () {
 done
 }
 
-m4_divert(26)m4_dnl
+m4_divert(20)m4_dnl
 ###--------------------------------------------------------------------------
 ### Packet filter construction.
 
@@ -206,7 +219,7 @@ run ip6tables -A accept-non-init-frag -j RETURN \
 -m frag --fragfirst
 run ip6tables -A accept-non-init-frag -j ACCEPT
 
-m4_divert(26)m4_dnl
+m4_divert(20)m4_dnl
 ## allowservices CHAIN PROTO SERVICE ...
 ##
 ## Add rules to allow the SERVICES on the CHAIN.
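Review bot: In the `@@ -85,10 +85,23 @@` hunk, `makeset` tests for an existing set with `grep -q "^Name: $name$"`, which treats the set name as a regular expression, so a name containing `.` or another metacharacter can match a different set and skip creation; a fixed-string whole-line match, `if ipset -nL | grep -qxF "Name: $name"; then`, avoids that. The test compares names only, so a set that already exists with a different TYPE or PARAMS is silently reused by whatever rules reference it, and the header comment should state this, for example `## An existing set is kept as-is; its type and parameters are not checked.` Newer ipset releases define `-n` as names-only output without the `Name: ` prefix, in which case this test would never match and `ipset -N` would fail under `set -e` on a second run, so it is worth confirming against the ipset version deployed. In the same hunk, `2>/dev/null || :` on the `-N` line hides every failure of chain creation, not only "chain already exists", and discards the diagnostic; the enclosing loop starts above the hunk, so whether a later step would catch a missing chain is not visible here.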
@@ -293,7 +306,7 @@ openports () {
 run ip46tables -A $chain -p udp -g interesting --destination-port $1:$2
 }
 
-m4_divert(28)m4_dnl
+m4_divert(20)m4_dnl
 ###--------------------------------------------------------------------------
 ### Packet classification.
 