author | Olivier Blin <blino@mageia.org> | 2011-12-04 14:39:32 +0000 |
---|---|---|
committer | Olivier Blin <blino@mageia.org> | 2011-12-04 14:39:32 +0000 |
commit | 1c2279950b3c8e5194209c01e73272b8bd74cac9 (patch) | |
tree | 08ec393f22c82cf69fc290c910710f64dc6e1c96 | |
parent | ed52fd0aefb3b57f93f449e240d7f68ab4307eeb (diff) | |
adapt to new ipset syntax
-rw-r--r-- | scripts/start | 4 | ||||
-rw-r--r-- | src/plugins/ifw/ipset.c | 16 |
2 files changed, 10 insertions, 10 deletions
diff --git a/scripts/start b/scripts/start
index f14d0d1..b7377c9 100644
--- a/scripts/start
+++ b/scripts/start
@@ -1,5 +1,5 @@
 iptables -N Ifw
-ipset -N ifw_wl iptree
+ipset create ifw_wl hash:ip
 iptables -A Ifw -m set --match-set ifw_wl src -j RETURN
-ipset -N ifw_bl iptree --timeout 3600
+ipset create ifw_bl hash:ip --timeout 3600
 iptables -A Ifw -m set --match-set ifw_bl src -j DROP
diff --git a/src/plugins/ifw/ipset.c b/src/plugins/ifw/ipset.c
index 74ca06e..1522148 100644
--- a/src/plugins/ifw/ipset.c
+++ b/src/plugins/ifw/ipset.c
@@ -14,20 +14,20 @@
 void ipset_init() {
 char cmd[CMD_MAX_SIZE];
- snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -N " IPSET_BLACKLIST_NAME " iptree --timeout " IPSET_BLACKLIST_TIMEOUT);
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " add " IPSET_BLACKLIST_NAME " hash:ip --timeout " IPSET_BLACKLIST_TIMEOUT);
 DPRINTF(cmd);
 system(cmd);
- snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -N " IPSET_WHITELIST_NAME " iptree");
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " add " IPSET_WHITELIST_NAME " hash:ip");
 DPRINTF(cmd);
 system(cmd);
 }
 void ipset_destroy() {
 char cmd[CMD_MAX_SIZE];
- snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -X " IPSET_BLACKLIST_NAME);
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " destroy " IPSET_BLACKLIST_NAME);
 DPRINTF(cmd);
 system(cmd);
- snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -X " IPSET_WHITELIST_NAME);
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " destroy " IPSET_WHITELIST_NAME);
 DPRINTF(cmd);
 system(cmd);
 }
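Review bot: The blacklist set is still created with the old dashed option, `--timeout 3600`, although the rest of the line moved to the keyword syntax; the ipset manual documents the create option as `timeout 3600`. Whether the newer parser still tolerates the dashed spelling cannot be told from this hunk, so it should be checked against the ipset version being targeted, because a rejected create leaves the blacklist rule without a usable set. The suggested line is `ipset create ifw_bl hash:ip timeout 3600`. The same `--timeout` string is kept in `ipset_init()` in src/plugins/ifw/ipset.c.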
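Review bot: `ipset_init()` now runs `add` where the old code ran `-N`, but `-N` was the set-creation command; scripts/start in this same commit maps it to `create`. As written, both calls ask ipset to add an element called `hash:ip` to a set instead of creating the set, so the blacklist and whitelist sets would presumably not exist after plugin start-up, and the discarded `system()` result hides that failure. The two format strings should read `IPSET_CMD " create " IPSET_BLACKLIST_NAME " hash:ip --timeout " IPSET_BLACKLIST_TIMEOUT` and `IPSET_CMD " create " IPSET_WHITELIST_NAME " hash:ip"`. The `destroy` replacements for `-X` in `ipset_destroy()` look consistent with the script.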
@@ -62,28 +62,28 @@ void ipset_destroy() {
 void ipset_blacklist_add(u_int32_t addr) {
 char cmd[CMD_MAX_SIZE];
- snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -A " IPSET_BLACKLIST_NAME " %u", ntohl(addr));
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " add " IPSET_BLACKLIST_NAME " %u", ntohl(addr));
 DPRINTF(cmd);
 system(cmd);
 }
 void ipset_blacklist_remove(u_int32_t addr) {
 char cmd[CMD_MAX_SIZE];
- snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -D " IPSET_BLACKLIST_NAME " %u", ntohl(addr));
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " del " IPSET_BLACKLIST_NAME " %u", ntohl(addr));
 DPRINTF(cmd);
 system(cmd);
 }
 void ipset_whitelist_add(u_int32_t addr) {
 char cmd[CMD_MAX_SIZE];
- snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -A " IPSET_WHITELIST_NAME " %u", ntohl(addr));
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " add " IPSET_WHITELIST_NAME " %u", ntohl(addr));
 DPRINTF(cmd);
 system(cmd);
 }
 void ipset_whitelist_remove(u_int32_t addr) {
 char cmd[CMD_MAX_SIZE];
- snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " -D " IPSET_WHITELIST_NAME " %u", ntohl(addr));
+ snprintf(cmd, CMD_MAX_SIZE, IPSET_CMD " del " IPSET_WHITELIST_NAME " %u", ntohl(addr));
 DPRINTF(cmd);
 system(cmd);
 }
|
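Review bot: All four add/del helpers in this hunk discard the result of `system(cmd)`, so a command that ipset rejects (missing set, full set, or an argument form the new syntax does not accept) leaves the daemon believing the address was blacklisted or whitelisted. For a firewall plugin that is a fail-open condition, and it matters more in a commit that changes the command syntax, where a mistake shows up only as a non-zero exit status. Checking the status and logging it would surface this, for example `if (system(cmd) != 0) DPRINTF("ipset failed: %s\n", cmd);`, assuming DPRINTF takes printf-style arguments; that form also stops passing `cmd` itself as the format string. The same unchecked pattern is in `ipset_init()` and `ipset_destroy()` in the previous hunk.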