From 1c2279950b3c8e5194209c01e73272b8bd74cac9 Mon Sep 17 00:00:00 2001
From: Olivier Blin
Date: Sun, 4 Dec 2011 14:39:32 +0000
Subject: adapt to new ipset syntax
---
 scripts/start | 4 ++--
 src/plugins/ifw/ipset.c | 16 ++++++++--------
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/scripts/start b/scripts/start
index f14d0d1..b7377c9 100644
--- a/scripts/start
+++ b/scripts/start
@@ -1,5 +1,5 @@
 iptables -N Ifw
-ipset -N ifw_wl iptree
+ipset create ifw_wl hash:ip
 iptables -A Ifw -m set --match-set ifw_wl src -j RETURN
-ipset -N ifw_bl iptree --timeout 3600
+ipset create ifw_bl hash:ip --timeout 3600
 iptables -A Ifw -m set --match-set ifw_bl src -j DROP
diff --git a/src/plugins/ifw/ipset.c b/src/plugins/ifw/ipset.c
index 74ca06e..1522148 100644
--- a/src/plugins/ifw/ipset.c
+++ b/src/plugins/ifw/ipset.c
@@ -14,20 +14,20 @@
 void ipset_init() {
 char cmd[CMD_MAX_SIZE];
- snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -N " IPSET_BLACKLIST_NAME " iptree --timeout " IPSET_BLACKLIST_TIMEOUT);
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " add " IPSET_BLACKLIST_NAME " hash:ip --timeout " IPSET_BLACKLIST_TIMEOUT);
 DPRINTF(cmd);
 system(cmd);
- snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -N " IPSET_WHITELIST_NAME " iptree");
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " add " IPSET_WHITELIST_NAME " hash:ip");
 DPRINTF(cmd);
 system(cmd);
 }
 void ipset_destroy() {
 char cmd[CMD_MAX_SIZE];
- snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -X " IPSET_BLACKLIST_NAME);
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " destroy " IPSET_BLACKLIST_NAME);
 DPRINTF(cmd);
 system(cmd);
- snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -X " IPSET_WHITELIST_NAME);
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " destroy " IPSET_WHITELIST_NAME);
 DPRINTF(cmd);
 system(cmd);
 }
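Review bot: Both commands built in ipset_init translate the old `-N` (create a set) to `add`, whereas scripts/start in this same commit translates `-N` to `create`; as written, ipset would be asked to add an entry named `hash:ip` to a set instead of creating the set. The two lines should read `IPSET_CMD " create " IPSET_BLACKLIST_NAME " hash:ip --timeout " IPSET_BLACKLIST_TIMEOUT` and `IPSET_CMD " create " IPSET_WHITELIST_NAME " hash:ip"`. Unless the sets are always created beforehand by another path, the later add/del calls then operate on sets that do not exist, and the blacklist never takes effect. The result of `system(cmd)` is discarded here, so the failure would not be visible at runtime.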
@@ -62,28 +62,28 @@ void ipset_destroy() {
 void ipset_blacklist_add(u_int32_t addr) {
 char cmd[CMD_MAX_SIZE];
- snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -A " IPSET_BLACKLIST_NAME " %u", ntohl(addr));
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " add " IPSET_BLACKLIST_NAME " %u", ntohl(addr));
 DPRINTF(cmd);
 system(cmd);
 }
 void ipset_blacklist_remove(u_int32_t addr) {
 char cmd[CMD_MAX_SIZE];
- snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -D " IPSET_BLACKLIST_NAME " %u", ntohl(addr));
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " del " IPSET_BLACKLIST_NAME " %u", ntohl(addr));
 DPRINTF(cmd);
 system(cmd);
 }
 void ipset_whitelist_add(u_int32_t addr) {
 char cmd[CMD_MAX_SIZE];
- snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -A " IPSET_WHITELIST_NAME " %u", ntohl(addr));
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " add " IPSET_WHITELIST_NAME " %u", ntohl(addr));
 DPRINTF(cmd);
 system(cmd);
 }
 void ipset_whitelist_remove(u_int32_t addr) {
 char cmd[CMD_MAX_SIZE];
- snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -D " IPSET_WHITELIST_NAME " %u", ntohl(addr));
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " del " IPSET_WHITELIST_NAME " %u", ntohl(addr));
 DPRINTF(cmd);
 system(cmd);
 }
-- 
cgit v1.2.1
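Review bot: All four add/del helpers discard the return value of `system(cmd)`, so a rejected `ipset add` on the blacklist leaves the address unblocked with nothing reported to the caller; the same applies to ipset_init and ipset_destroy in the previous hunk. Since this commit changes the command syntax, a mismatch with the installed ipset version would fail exactly this way; capture the status with `int rc = system(cmd);` and report `rc != 0` through the plugin's existing error path. Separately, `DPRINTF(cmd)` passes the built command as the first argument; the macro is not visible here, but if it is printf-like, `DPRINTF("%s", cmd)` keeps the command text out of the format position. The `%u` argument is the host-order integer from `ntohl(addr)`, so it is worth confirming that the `hash:ip` set type parses a bare decimal address the way `iptree` did.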