Also read addresses from "ipv6-prefix-assignment" ifstatus table

[project/firewall3.git] / ipsets.c

diff --git a/ipsets.c b/ipsets.c
index a720172..48aaa9c 100644 (file)
--- a/ipsets.c
+++ b/ipsets.c
@@ -20,6 +20,8 @@
 
 
 const struct fw3_option fw3_ipset_opts[] = {
+       FW3_OPT("enabled",       bool,           ipset,     enabled),
+
        FW3_OPT("name",          string,         ipset,     name),
        FW3_OPT("family",        family,         ipset,     family),
 
@@ -294,7 +296,7 @@ create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
        if (ipset->external && *ipset->external)
                return;
 
-       info("Creating ipset %s", ipset->name);
+       info(" * Creating ipset %s", ipset->name);
 
        first = true;
        fw3_pr("create %s %s", ipset->name, methods[ipset->method]);
@@ -371,22 +373,17 @@ fw3_create_ipsets(struct fw3_state *state)
 }
 
 void
-fw3_destroy_ipsets(struct fw3_state *state)
+fw3_destroy_ipsets(struct fw3_state *state, enum fw3_family family)
 {
        struct fw3_ipset *s, *tmp;
-       int mask = (1 << FW3_FAMILY_V4) | (1 << FW3_FAMILY_V6);
 
        list_for_each_entry_safe(s, tmp, &state->running_ipsets, running_list)
        {
-               if (!hasbit(state->defaults.flags, FW3_FAMILY_V4))
-                       delbit(s->flags, FW3_FAMILY_V4);
-
-               if (!hasbit(state->defaults.flags, FW3_FAMILY_V6))
-                       delbit(s->flags, FW3_FAMILY_V6);
+               del(s->flags, family, family);
 
-               if (!(s->flags & mask))
+               if (fw3_no_family(s->flags[family == FW3_FAMILY_V6]))
                {
-                       info("Deleting ipset %s", s->name);
+                       info(" * Deleting ipset %s", s->name);
 
                        fw3_pr("flush %s\n", s->name);
                        fw3_pr("destroy %s\n", s->name);