my $configgrp = "${General::swroot}/fwhosts/customgroups";
my $netsettings = "${General::swroot}/ethernet/settings";
my $blocklistfile = "${General::swroot}/ipblocklist/settings";
+my $fwlocal = "/etc/sysconfig/firewall.local";
&General::readhash("${General::swroot}/firewall/settings", \%fwdfwsettings);
&General::readhash("${General::swroot}/optionsfw/settings", \%fwoptions);
# Handle ipblocklist.
&ipblocklist();
+ # Handle firewall.local.
+ &fwlocal_sets();
+
# Reload firewall policy.
run("/usr/sbin/firewall-policy");
}
}
+
+# Check if firewall.local uses IPSet sets and if so, load the set names.
+sub fwlocal_sets {
+ # Open firewall.local to loop through it.
+ open(my $FWL, "<", $fwlocal) or die "can not open $fwlocal:";
+
+ # Variable to store potential set names.
+ my %fwlocalsets;
+
+ # If firewall.local includes IPSet set, search for the set names.
+ while (my $fwlsets = <$FWL>) {
+ chomp $fwlsets;
+ while ($fwlsets =~ /--match-set\s+(\S+)/g) {
+ my $fwlsetnames = $1;
+ $fwlocalsets{$fwlsetnames} = 1;
+ }
+ }
+
+ # Close firewall.local.
+ close($FWL);
+
+ # Include firewall.local IPSet sets to load them.
+ foreach my $fwlsetnames (keys %fwlocalsets) {
+
+ # Call function to restore/local the set.
+ &ipset_restore($fwlsetnames);
+ }
+}
+
sub get_protocols {
my $hash = shift;
my $key = shift;
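Review bot: The `--match-set\s+(\S+)` scan in fwlocal_sets() passes whatever token follows the option straight to `ipset_restore()`, so commented-out rules, shell variables such as `$SET`, and tokens containing `/` or quotes are all treated as set names. ipset_restore() is not visible in this patch, so if it builds a file path or command from the name, filter first: skip comment lines with `next if $fwlsets =~ /^\s*#/;` and accept only conservative names, for example `next unless $fwlsetnames =~ /\A[A-Za-z0-9_.-]{1,31}\z/;`. Separately, `open(...) or die` runs before the `run("/usr/sbin/firewall-policy")` call shown in the earlier hunk, so a missing or unreadable firewall.local would apparently abort the script before the policy is reloaded. Something like `open(my $FWL, "<", $fwlocal) or return;`, ideally with a logged warning that includes `$!`, would let the reload continue. The enclosing block of the call site starts outside the visible lines, so the exact failure state should be confirmed against the full file.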