X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/blobdiff_plain/ce79e94a94afdadb090256df777940516eca40df..961148a5388760756ab37b897576eec33edbd3a9:/functions.m4
diff --git a/functions.m4 b/functions.m4
index 5cc70f8..05decbf 100644
--- a/functions.m4
+++ b/functions.m4
@@ -85,10 +85,23 @@ clearchain () {
 *:*) table=${chain%:*} chain=${chain#*:} ;;
 *) table=filter ;;
 esac
- run ip46tables -t $table -N $chain
+ run ip46tables -t $table -N $chain 2>/dev/null || :
 done
 }
 
+## makeset SET TYPE [PARAMS]
+##
+## Ensure that the named ipset exists. Don't clear it.
+makeset () {
+ set -e
+ name=$1; shift
+ if ipset -nL | grep -q "^Name: $name$"; then
+ :
+ else
+ ipset -N "$name" "$@"
+ fi
+}
+
 ## errorchain CHAIN ACTION ARGS ...
 ##
 ## Make a chain which logs a message and then invokes some other action,
@@ -104,7 +117,9 @@ errorchain () {
 run ip46tables -t $table -A $chain -j LOG \
 -m limit --limit 3/minute --limit-burst 10 \
 --log-prefix "fw: $chain " --log-level notice
- run ip46tables -t $table -A $chain -j "$@"
+ run ip46tables -t $table -A $chain -j "$@" \
+ -m limit --limit 20/second --limit-burst 100
+ run ip46tables -t $table -A $chain -j DROP
 }
 
 m4_divert(24)m4_dnl
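Review bot: In clearchain, the `2>/dev/null || :` added to the `-N` call hides every failure of chain creation, not only the expected "chain already exists" case, so a wrong table name or an unavailable table would pass silently while the ruleset is being built. Testing for the chain first and calling `-N` only when it is absent would keep real errors visible. In makeset, `$name` is interpolated into a regex, and the match relies on `ipset -nL` printing `Name:` headers, which may not hold on every ipset version; `grep -qxF "Name: $name"` would at least remove the regex dependence. The `set -e` inside makeset also stays in effect for the caller unless the script already runs with it. clearchain's body starts outside the hunk.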
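Review bot: The `-m limit --limit 20/second --limit-burst 100` match on the action rule is a single bucket shared by all traffic reaching the chain, so one busy source can exhaust it and every other host then falls through to the new `-j DROP` instead of getting ACTION. If per-source fairness matters, the `hashlimit` match is the usual alternative; otherwise the shared budget is worth stating. The header comment for errorchain still describes only logging and then invoking the action, so I would add a line such as `## ACTION is rate-limited (20/second, burst 100); packets over the limit are dropped.` errorchain's body starts outside the hunk.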