-rw-r--r--scripts/start4
-rw-r--r--src/plugins/ifw/ipset.c16
2 files changed, 10 insertions, 10 deletions
diff --git a/scripts/start b/scripts/start
index f14d0d1..b7377c9 100644
--- a/scripts/start
+++ b/scripts/start
@@ -1,5 +1,5 @@
iptables -N Ifw
-ipset -N ifw_wl iptree
+ipset create ifw_wl hash:ip
iptables -A Ifw -m set --match-set ifw_wl src -j RETURN
-ipset -N ifw_bl iptree --timeout 3600
+ipset create ifw_bl hash:ip --timeout 3600
iptables -A Ifw -m set --match-set ifw_bl src -j DROP
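Review bot: Neither `ipset create` line is checked before the `iptables -A Ifw -m set --match-set ...` rules that depend on the sets. If the hash:ip set type is not available on the host, both creates fail, the match-set rules are rejected in turn, and the Ifw chain is left with no RETURN or DROP rule, so the filter fails open without any message. Stopping on failure, e.g. `ipset create ifw_bl hash:ip --timeout 3600 || exit 1`, would surface that. If the script is expected to be re-runnable, `ipset -exist create ...` avoids a spurious error when the set is already present.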
diff --git a/src/plugins/ifw/ipset.c b/src/plugins/ifw/ipset.c
index 74ca06e..1522148 100644
--- a/src/plugins/ifw/ipset.c
+++ b/src/plugins/ifw/ipset.c
@@ -14,20 +14,20 @@
void ipset_init() {
char cmd[CMD_MAX_SIZE];
- snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -N " IPSET_BLACKLIST_NAME " iptree --timeout " IPSET_BLACKLIST_TIMEOUT);
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " add " IPSET_BLACKLIST_NAME " hash:ip --timeout " IPSET_BLACKLIST_TIMEOUT);
DPRINTF(cmd);
system(cmd);
- snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -N " IPSET_WHITELIST_NAME " iptree");
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " add " IPSET_WHITELIST_NAME " hash:ip");
DPRINTF(cmd);
system(cmd);
}
void ipset_destroy() {
char cmd[CMD_MAX_SIZE];
- snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -X " IPSET_BLACKLIST_NAME);
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " destroy " IPSET_BLACKLIST_NAME);
DPRINTF(cmd);
system(cmd);
- snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -X " IPSET_WHITELIST_NAME);
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " destroy " IPSET_WHITELIST_NAME);
DPRINTF(cmd);
system(cmd);
}
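Review bot: In ipset_init both new command strings use `add` where the old code used `-N`, so they no longer create the sets. They instead ask ipset to insert an entry called `hash:ip` into a set that may not exist yet. scripts/start in this same commit translates `-N` to `create`, and the C side should match: `IPSET_CMD " create " IPSET_BLACKLIST_NAME " hash:ip --timeout " IPSET_BLACKLIST_TIMEOUT` and `IPSET_CMD " create " IPSET_WHITELIST_NAME " hash:ip"`. Because the result of `system(cmd)` is ignored, the failure would be silent, and the later add/del helpers would operate on whatever sets happen to exist.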
@@ -62,28 +62,28 @@ void ipset_destroy() {
void ipset_blacklist_add(u_int32_t addr) {
char cmd[CMD_MAX_SIZE];
- snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -A " IPSET_BLACKLIST_NAME " %u", ntohl(addr));
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " add " IPSET_BLACKLIST_NAME " %u", ntohl(addr));
DPRINTF(cmd);
system(cmd);
}
void ipset_blacklist_remove(u_int32_t addr) {
char cmd[CMD_MAX_SIZE];
- snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -D " IPSET_BLACKLIST_NAME " %u", ntohl(addr));
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " del " IPSET_BLACKLIST_NAME " %u", ntohl(addr));
DPRINTF(cmd);
system(cmd);
}
void ipset_whitelist_add(u_int32_t addr) {
char cmd[CMD_MAX_SIZE];
- snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -A " IPSET_WHITELIST_NAME " %u", ntohl(addr));
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " add " IPSET_WHITELIST_NAME " %u", ntohl(addr));
DPRINTF(cmd);
system(cmd);
}
void ipset_whitelist_remove(u_int32_t addr) {
char cmd[CMD_MAX_SIZE];
- snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -D " IPSET_WHITELIST_NAME " %u", ntohl(addr));
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " del " IPSET_WHITELIST_NAME " %u", ntohl(addr));
DPRINTF(cmd);
system(cmd);
}
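Review bot: All four helpers in this hunk still discard the result of `system(cmd)`, so if the new `add`/`del` syntax is rejected, the address is simply not blacklisted or whitelisted and nothing reports it. For a firewall plugin that is a fail-open path. Checking the status, e.g. `if (system(cmd) != 0) DPRINTF("ipset command failed\n");`, would make a bad migration visible. The address is also still passed as a bare decimal via `%u`. Whether the ipset version targeted here accepts that form is not visible in the diff, so it should be confirmed or the value formatted as a dotted quad. Separately, `DPRINTF(cmd)` uses the command as a format string, and `DPRINTF("%s", cmd)` is the safer form if DPRINTF is printf-like.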