git.librecmc.org Git - oweals/firewall3.git/commit

firewall3: Improve ipset support

This patch is an attempt at improving the ipset support in firewall3.
The following changes have been made:

* The enabled option did not work properly for ipsets, as it was not
checked on create/destroy of a set. After this commit, sets are only
created/destroyed if enabled is set to true.

* Add support for reloading, or recreating, ipsets on firewall reload.
By setting "reload_set" to true, the set will be destroyed and then
re-created when the firewall is reloaded. My use-case for "reload_set"
was to reset sets populated by dnsmasq, without having to restart the
firewall or resort to scripts.

* Add support for the counters and comment extensions. By setting
"counters" or "comment" to true, then counters or comments are added to
the set.

Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
re-ordered additional variables
dropped enum OPT_COMMENT & OPT_COUNTERS as unused
implemented exponential delay whilst waiting for ipset deletion/creation
fixed delays made firewall unresponsive for too long on reloads
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>

author	Kristian Evensen <kristian.evensen@gmail.com>
	Wed, 6 Feb 2019 20:21:51 +0000 (21:21 +0100)
committer	Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
	Fri, 16 Aug 2019 08:52:50 +0000 (09:52 +0100)
commit	509e673dab011851ed084ca592c557ee395fddd4
tree	fa5fbfce1d959400569f9c91db08a0463b31809a	tree \| snapshot
parent	de9409762de14b5d909925c5db2e704ec13c754b	commit \| diff

ipsets.c		diff \| blob \| history
ipsets.h		diff \| blob \| history
main.c		diff \| blob \| history
options.h		diff \| blob \| history
utils.c		diff \| blob \| history