Send quit comment in fw3_destroy_ipsets() and initialize ipset objects with enabled...
[project/firewall3.git] / ipsets.c
index a720172..eb37d0a 100644 (file)
--- a/ipsets.c
+++ b/ipsets.c
@@ -20,6 +20,8 @@
 
 
 const struct fw3_option fw3_ipset_opts[] = {
+       FW3_OPT("enabled",       bool,           ipset,     enabled),
+
        FW3_OPT("name",          string,         ipset,     name),
        FW3_OPT("family",        family,         ipset,     family),
 
@@ -214,6 +216,8 @@ fw3_alloc_ipset(void)
 
        INIT_LIST_HEAD(&ipset->datatypes);
 
+       ipset->enabled = true;
+
        return ipset;
 }
 
@@ -270,10 +274,8 @@ static void
 create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
 {
        bool first = true;
-       char s[INET6_ADDRSTRLEN];
 
        struct fw3_ipset_datatype *type;
-       struct fw3_address *a;
 
        const char *methods[] = {
                "(bug)",
@@ -294,7 +296,7 @@ create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
        if (ipset->external && *ipset->external)
                return;
 
-       info("Creating ipset %s", ipset->name);
+       info(" * Creating ipset %s", ipset->name);
 
        first = true;
        fw3_pr("create %s %s", ipset->name, methods[ipset->method]);
@@ -307,27 +309,7 @@ create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
 
        if (ipset->iprange.set)
        {
-               a = &ipset->iprange;
-
-               if (!a->range)
-               {
-                       inet_ntop(a->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
-                                 &a->address.v6, s, sizeof(s));
-
-                       fw3_pr(" range %s/%u", s, a->mask);
-               }
-               else
-               {
-                       inet_ntop(a->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
-                                 &a->address.v6, s, sizeof(s));
-
-                       fw3_pr(" range %s", s);
-
-                       inet_ntop(a->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
-                                 &a->address2.v6, s, sizeof(s));
-
-                       fw3_pr("-%s", s);
-               }
+               fw3_pr(" range %s", fw3_address_to_string(&ipset->iprange, false));
        }
        else if (ipset->portrange.set)
        {
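Review bot: The new `fw3_pr(" range %s", fw3_address_to_string(&ipset->iprange, false));` passes the helper's result straight to `%s`, and nothing in this hunk shows whether the helper can return NULL or what the bare `false` selects. The removed code printed either `addr/mask` or `addr-addr2` depending on `a->range`, so the helper presumably has to cover both forms; that should be confirmed against its definition, which is not visible here. I would add a short comment above the call, for example `/* second argument false: <meaning per fw3_address_to_string()>; emits addr/mask or addr-addr2 */`, and guard the call if a NULL return is possible. The body of create_ipset() starts and ends outside this hunk.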
@@ -351,8 +333,6 @@ create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
                fw3_pr(" hashsize %u", ipset->hashsize);
 
        fw3_pr("\n");
-
-       fw3_set_running(ipset, &state->running_ipsets);
 }
 
 void
@@ -364,8 +344,7 @@ fw3_create_ipsets(struct fw3_state *state)
                return;
 
        list_for_each_entry(ipset, &state->ipsets, list)
-               if (!fw3_lookup_ipset(state, ipset->name, true))
-                       create_ipset(ipset, state);
+               create_ipset(ipset, state);
 
        fw3_pr("quit\n");
 }
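Review bot: The loop in fw3_create_ipsets() now emits a `create` for every entry in `state->ipsets`, and the `enabled` option this commit adds to `fw3_ipset_opts` is not consulted here. Unless disabled sets are dropped when the configuration is loaded (not visible in this diff), a set configured with `enabled` off is still created; the loop body could become `if (ipset->enabled) create_ipset(ipset, state);`. Dropping the `fw3_lookup_ipset(..., true)` check also means a set that already exists is created again, so whether a reload works depends on how the restore stream treats duplicates, which should be stated in a comment. The start of fw3_create_ipsets() is outside this hunk.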
@@ -373,31 +352,21 @@ fw3_create_ipsets(struct fw3_state *state)
 void
 fw3_destroy_ipsets(struct fw3_state *state)
 {
-       struct fw3_ipset *s, *tmp;
-       int mask = (1 << FW3_FAMILY_V4) | (1 << FW3_FAMILY_V6);
+       struct fw3_ipset *s;
 
-       list_for_each_entry_safe(s, tmp, &state->running_ipsets, running_list)
+       list_for_each_entry(s, &state->ipsets, list)
        {
-               if (!hasbit(state->defaults.flags, FW3_FAMILY_V4))
-                       delbit(s->flags, FW3_FAMILY_V4);
-
-               if (!hasbit(state->defaults.flags, FW3_FAMILY_V6))
-                       delbit(s->flags, FW3_FAMILY_V6);
-
-               if (!(s->flags & mask))
-               {
-                       info("Deleting ipset %s", s->name);
+               info(" * Deleting ipset %s", s->name);
 
-                       fw3_pr("flush %s\n", s->name);
-                       fw3_pr("destroy %s\n", s->name);
-
-                       fw3_set_running(s, NULL);
-               }
+               fw3_pr("flush %s\n", s->name);
+               fw3_pr("destroy %s\n", s->name);
        }
+
+       fw3_pr("quit\n");
 }
 
 struct fw3_ipset *
-fw3_lookup_ipset(struct fw3_state *state, const char *name, bool running)
+fw3_lookup_ipset(struct fw3_state *state, const char *name)
 {
        struct fw3_ipset *s;
 
@@ -409,10 +378,7 @@ fw3_lookup_ipset(struct fw3_state *state, const char *name, bool running)
                if (strcmp(s->name, name))
                        continue;
 
-               if (!running || s->running_list.next)
-                       return s;
-
-               break;
+               return s;
        }
 
        return NULL;