require "/usr/lib/firewall/firewall-lib.pl";
require "${General::swroot}/location-functions.pl";
require "${General::swroot}/ipblocklist-functions.pl";
+require "${General::swroot}/ipset-functions.pl";
# Set to one to enable debugging mode.
my $DEBUG = 0;
&main();
sub main {
- # Get currently used ipset sets.
- @ipset_used_sets = &ipset_get_sets();
-
# Flush all chains.
&flush();
run("/usr/sbin/firewall-policy");
# Cleanup not longer needed ipset sets.
- &ipset_cleanup();
+ &IPSet::Functions::cleanup_ipsets();
#Reload firewall.local if present
if ( -f '/etc/sysconfig/firewall.local'){
run("$IPSET restore -f $file");
}
}
-
-sub ipset_cleanup () {
- # Reload the array of used sets.
- @ipset_used_sets = &ipset_get_sets();
-
- # Loop through the array of used sets.
- foreach my $set (@ipset_used_sets) {
- # Check if this set is still in use.
- #
- # In this case an entry in the loaded sets hash exists.
- unless($ipset_loaded_sets{$set}) {
- # Entry does not exist, so this set is not longer
- # used and can be destroyed.
- run("$IPSET destroy $set");
- }
- }
-}
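Review bot: The added `&IPSet::Functions::cleanup_ipsets();` call in main takes no arguments, whereas the removed `ipset_cleanup` chose what to destroy by checking each set against `%ipset_loaded_sets`, a hash kept by this script; nothing in the visible lines shows how the new module learns which sets this run loaded. If the module keeps its own bookkeeping and the set-loading code here does not update it, the cleanup would work from the wrong list, either trying to destroy sets that are still wanted or leaving stale ones loaded. I would make the contract explicit at the call site, either by passing the state in, e.g. `&IPSet::Functions::cleanup_ipsets(\%ipset_loaded_sets);` (assuming the function can be written to accept it), or with a comment such as `# cleanup_ipsets() destroys every set that ipset-functions.pl has not recorded as loaded during this run`. The rest of main and the code that loads the sets are outside the visible lines, so this may already be handled there.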