const struct fw3_option fw3_ipset_opts[] = {
+ FW3_OPT("enabled", bool, ipset, enabled),
+
FW3_OPT("name", string, ipset, name),
FW3_OPT("family", family, ipset, family),
FW3_OPT("storage", ipset_method, ipset, method),
FW3_LIST("match", ipset_datatype, ipset, datatypes),
- FW3_LIST("iprange", address, ipset, iprange),
+ FW3_OPT("iprange", address, ipset, iprange),
FW3_OPT("portrange", port, ipset, portrange),
FW3_OPT("netmask", int, ipset, netmask),
if (!ipset->external || !*ipset->external)
{
if ((ipset_types[i].required & OPT_IPRANGE) &&
- list_empty(&ipset->iprange))
+ !ipset->iprange.set)
{
warn_elem(e, "requires an ip range");
return false;
}
if (!(ipset_types[i].required & OPT_IPRANGE) &&
- !list_empty(&ipset->iprange))
+ ipset->iprange.set)
{
warn_elem(e, "iprange ignored");
- fw3_free_list(&ipset->iprange);
+ ipset->iprange.set = false;
}
if (!(ipset_types[i].required & OPT_PORTRANGE) &&
ipset->portrange.set)
{
warn_elem(e, "portrange ignored");
- memset(&ipset->portrange, 0, sizeof(ipset->portrange));
+ ipset->portrange.set = false;
}
if (!(ipset_types[i].optional & OPT_NETMASK) &&
memset(ipset, 0, sizeof(*ipset));
INIT_LIST_HEAD(&ipset->datatypes);
- INIT_LIST_HEAD(&ipset->iprange);
return ipset;
}
char s[INET6_ADDRSTRLEN];
struct fw3_ipset_datatype *type;
- struct fw3_address *a1, *a2;
+ struct fw3_address *a;
const char *methods[] = {
"(bug)",
if (ipset->external && *ipset->external)
return;
- info("Creating ipset %s", ipset->name);
+ info(" * Creating ipset %s", ipset->name);
first = true;
fw3_pr("create %s %s", ipset->name, methods[ipset->method]);
first = false;
}
- if (!list_empty(&ipset->iprange))
+ if (ipset->iprange.set)
{
- a1 = list_first_entry(&ipset->iprange, struct fw3_address, list);
- a2 = list_last_entry(&ipset->iprange, struct fw3_address, list);
+ a = &ipset->iprange;
- if (a1 == a2)
+ if (!a->range)
{
- inet_ntop(a1->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
- &a1->address.v6, s, sizeof(s));
+ inet_ntop(a->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
+ &a->address.v6, s, sizeof(s));
- fw3_pr(" range %s/%u", s, a1->mask);
+ fw3_pr(" range %s/%u", s, a->mask);
}
- else if (a1->family == a2->family &&
- fw3_is_family(ipset, a1->family) &&
- fw3_is_family(ipset, a2->family))
+ else
{
- inet_ntop(a1->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
- &a1->address.v6, s, sizeof(s));
+ inet_ntop(a->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
+ &a->address.v6, s, sizeof(s));
fw3_pr(" range %s", s);
- inet_ntop(a2->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
- &a2->address.v6, s, sizeof(s));
+ inet_ntop(a->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
+ &a->address2.v6, s, sizeof(s));
fw3_pr("-%s", s);
}
}
void
-fw3_destroy_ipsets(struct fw3_state *state)
+fw3_destroy_ipsets(struct fw3_state *state, enum fw3_family family)
{
struct fw3_ipset *s, *tmp;
- int mask = (1 << FW3_FAMILY_V4) | (1 << FW3_FAMILY_V6);
list_for_each_entry_safe(s, tmp, &state->running_ipsets, running_list)
{
- if (!hasbit(state->defaults.flags, FW3_FAMILY_V4))
- delbit(s->flags, FW3_FAMILY_V4);
-
- if (!hasbit(state->defaults.flags, FW3_FAMILY_V6))
- delbit(s->flags, FW3_FAMILY_V6);
+ del(s->flags, family, family);
- if (!(s->flags & mask))
+ if (fw3_no_family(s->flags[family == FW3_FAMILY_V6]))
{
- info("Deleting ipset %s", s->name);
+ info(" * Deleting ipset %s", s->name);
fw3_pr("flush %s\n", s->name);
fw3_pr("destroy %s\n", s->name);
projects / project / firewall3.git / blobdiff