Diffstat (limited to 'src/plugins/ifw/ipset.c')
-rw-r--r-- | src/plugins/ifw/ipset.c | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/src/plugins/ifw/ipset.c b/src/plugins/ifw/ipset.c
new file mode 100644
index 0000000..74ca06e
--- /dev/null
+++ b/src/plugins/ifw/ipset.c
@@ -0,0 +1,89 @@
+#include "ipset.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <netinet/in.h>
+
+#define CMD_MAX_SIZE 1024
+
+#ifdef IPSET_DEBUG
+#define DPRINTF(s) printf("%s\n", s)
+#else
+#define DPRINTF(s)
+#endif
+
+void ipset_init() {
+ char cmd[CMD_MAX_SIZE];
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -N " IPSET_BLACKLIST_NAME " iptree --timeout " IPSET_BLACKLIST_TIMEOUT);
+ DPRINTF(cmd);
+ system(cmd);
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -N " IPSET_WHITELIST_NAME " iptree");
+ DPRINTF(cmd);
+ system(cmd);
+}
+
+void ipset_destroy() {
+ char cmd[CMD_MAX_SIZE];
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -X " IPSET_BLACKLIST_NAME);
+ DPRINTF(cmd);
+ system(cmd);
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -X " IPSET_WHITELIST_NAME);
+ DPRINTF(cmd);
+ system(cmd);
+}
+
+/* void ipset_blacklist_load(char *filename) { */
+/* char cmd[CMD_MAX_SIZE]; */
+/* snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -R < %s", filename); */
+/* DPRINTF(cmd); */
+/* system(cmd); */
+/* } */
+
+/* void ipset_blacklist_save(char *filename) { */
+/* char cmd[CMD_MAX_SIZE]; */
+/* snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -S " IPSET_BLACKLIST_NAME " > %s", filename); */
+/* DPRINTF(cmd); */
+/* system(cmd); */
+/* } */
+
+/* void ipset_whitelist_load(char *filename) { */
+/* char cmd[CMD_MAX_SIZE]; */
+/* snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -R < %s", filename); */
+/* DPRINTF(cmd); */
+/* system(cmd); */
+/* } */
+
+/* void ipset_whitelist_save(char *filename) { */
+/* char cmd[CMD_MAX_SIZE]; */
+/* snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -S " IPSET_WHITELIST_NAME " > %s", filename); */
+/* DPRINTF(cmd); */
+/* system(cmd); */
+/* } */
+
+void ipset_blacklist_add(u_int32_t addr) {
+ char cmd[CMD_MAX_SIZE];
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -A " IPSET_BLACKLIST_NAME " %u", ntohl(addr));
+ DPRINTF(cmd);
+ system(cmd);
+}
+
+void ipset_blacklist_remove(u_int32_t addr) {
+ char cmd[CMD_MAX_SIZE];
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -D " IPSET_BLACKLIST_NAME " %u", ntohl(addr));
+ DPRINTF(cmd);
+ system(cmd);
+}
+
+void ipset_whitelist_add(u_int32_t addr) {
+ char cmd[CMD_MAX_SIZE];
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -A " IPSET_WHITELIST_NAME " %u", ntohl(addr));
+ DPRINTF(cmd);
+ system(cmd);
+}
+
+void ipset_whitelist_remove(u_int32_t addr) {
+ char cmd[CMD_MAX_SIZE];
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -D " IPSET_WHITELIST_NAME " %u", ntohl(addr));
+ DPRINTF(cmd);
+ system(cmd);
+} |
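Review bot: All eight system() calls in this new file discard their return value, so a failed `-A` on the blacklist leaves the address unblocked and nothing reports it, and a failed `-N` in ipset_init() makes every later add fail the same silent way. Routing each command through one static helper that checks the exit status (it needs `<sys/wait.h>` for the WIFEXITED/WEXITSTATUS macros) would make those failures visible without changing the void signatures from ipset.h. system() also runs through the shell, and if IPSET_CMD in ipset.h (not visible here) is not an absolute path the binary is resolved through the caller's PATH; a fork/exec with an explicit argv would remove both dependencies and the per-address shell start-up cost. The commented-out load/save functions interpolate `filename` into a shell redirection and would be a command-injection path if re-enabled, so they are better deleted than kept as a template.

```c
/* Run one ipset command and report a failure, so a rule that was not applied is visible. */
static int ipset_run(const char *cmd) {
  int status;

  DPRINTF(cmd);
  status = system(cmd);
  if (status == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) {
    fprintf(stderr, "ipset: command failed (status %d): %s\n", status, cmd);
    return -1;
  }
  return 0;
}

void ipset_blacklist_add(u_int32_t addr) {
  char cmd[CMD_MAX_SIZE];
  snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -A " IPSET_BLACKLIST_NAME " %u", ntohl(addr));
  ipset_run(cmd);
}
/* … unchanged: the other functions, each with DPRINTF(cmd); system(cmd); replaced by ipset_run(cmd); … */
```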