Created
May 16, 2019 11:23
-
-
Save korotin/ef0f5d1a92b786d417870af8a2e4524c to your computer and use it in GitHub Desktop.
ipset plugin for netfilter-persistent
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Plugin for netfilter-persistent which makes ipset lists persistent. | |
| # | |
| # Make sure that you have netfilter-persitent and ipset installed, | |
| # put this file in /usr/share/netfilter-persistent/plugins.d and make it executable. | |
| set -e | |
| rc=0 | |
| ipset_bin=/sbin/ipset | |
| ip_file=/etc/iptables/ipset | |
| load_ips() | |
| { | |
| if [ ! -f $ip_file ]; then | |
| echo "Warning: skipping ipset (no IPs to load)" | |
| else | |
| $ipset_bin destroy | |
| $ipset_bin restore < $ip_file 2> /dev/null | |
| if [ $? -ne 0 ]; then | |
| rc=1 | |
| fi | |
| fi | |
| } | |
| save_ips() | |
| { | |
| $ipset_bin save > $ip_file 2> /dev/null | |
| if [ $? -ne 0 ]; then | |
| rc=1 | |
| fi | |
| chmod 0640 $ip_file | |
| } | |
| flush_ips() | |
| { | |
| $ipset_bin flush | |
| } | |
| case "$1" in | |
| start|restart|reload|force-reload) | |
| load_ips | |
| ;; | |
| save) | |
| save_ips | |
| ;; | |
| stop) | |
| echo "Automatic flushing disabled, use \"flush\" instead of \"stop\"" | |
| ;; | |
| flush) | |
| flush_ips | |
| ;; | |
| *) | |
| echo "Usage: $0 {start|restart|reload|force-reload|save|flush}" >&2 | |
| exit 1 | |
| ;; | |
| esac | |
| exit $rc |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment