From patchwork Wed Mar 2 19:43:05 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Schantl X-Patchwork-Id: 5297 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4K84Kg4gHNz3xK1 for ; Wed, 2 Mar 2022 19:43:19 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4K84Kd5vXXz1yr; Wed, 2 Mar 2022 19:43:17 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4K84Kd4v1Vz2ys1; Wed, 2 Mar 2022 19:43:17 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4K84Kb5XZWz2xkT for ; Wed, 2 Mar 2022 19:43:15 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4K84KZ1JCmz1yr; Wed, 2 Mar 2022 19:43:14 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1646250195; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=L0LHhYdyFOVXwY6dTuM38Vwy4LMZCGBY5LsyOuEFO3g=; b=FmdqImgv6LWd9fI4eGMCohGOd60RCYHQ3sM419ZrQNuC4i4af8KPBodlbXhWWaw5KxzVN2 JruTnKk43n3ztuCQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1646250195; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=L0LHhYdyFOVXwY6dTuM38Vwy4LMZCGBY5LsyOuEFO3g=; b=Jr3ZdirKJ0CCwjccb9prd0BO4zygsfywMAaGSsVv3Vh9jYqN/+bQfMlgvPfH2Dz+5X6F2l OUkU8BqDB9NrnAl72xEd/NxrCu4co5uMSFOVoP/r324e5S1bZLL6KCRoTHfm+zK8/UV3vR qr9BX9ynJv6CzKiAsOKq91BSjry1B1Y2H+pgWswTEiGIZGbvgLeD97ppgQ3g17z9699ySC RIj9E7yc3AX+wB/qBSzXJZR3CEibHOiFGB3ekE4JH3CAyShacBc/G5c1hL9BZWjbf6k771 Vwgj59rihXBnc20G2VPmxFnbWQr+F1v8jlUDDQoC8TIG7oL7jlJ3luv0yIYA9w== From: Stefan Schantl To: development@lists.ipfire.org Subject: [PATCH 1/2] rules.pl: Autodetect ipset db file to restore. Date: Wed, 2 Mar 2022 20:43:05 +0100 Message-Id: <20220302194306.4110-1-stefan.schantl@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" This commit allows the ipset_restore() function to auto-detect which set file needs to be restored. Currently it is limitated to country codes only, because we currently does not support anything else. Signed-off-by: Stefan Schantl --- config/firewall/rules.pl | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl index b12764d18..b8c602538 100644 --- a/config/firewall/rules.pl +++ b/config/firewall/rules.pl @@ -945,8 +945,9 @@ sub ipset_get_sets () { sub ipset_restore ($) { my ($set) = @_; - my $file_prefix = "ipset4"; - my $db_file = "$Location::Functions::ipset_db_directory/$set.$file_prefix"; + # Empty variable to store the db file, which should be + # restored by ipset. + my $db_file; # Check if the set already has been loaded. if($ipset_loaded_sets{$set}) { @@ -954,6 +955,15 @@ sub ipset_restore ($) { return; } + # Check if the given set name is a country code. + if($set ~~ @locations) { + # Libloc adds "ipset4" as prefix to all exported IPv4 data. + my $file_prefix = "ipset4"; + + # Generate full path and filename for the ipset db file to restore. + $db_file = "$Location::Functions::ipset_db_directory/$set.$file_prefix"; + } + # Check if the generated file exists. if (-f $db_file) { # Run ipset and restore the given set.