From: Stefan Schantl
Date: Mon, 25 Apr 2022 18:57:04 +0000 (+0200)
Subject: ipblocklist: Add "v4" as extension to the ipset set names.
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=404b513794505ca82d50a173b228d50ac786438a;p=people%2Fstevee%2Fipfire-2.x.git
ipblocklist: Add "v4" as extension to the ipset set names.
This easily allows us to swap the sets after updating, without unloading them.
Signed-off-by: Stefan Schantl
---
diff --git a/config/cfgroot/ipblocklist-functions.pl b/config/cfgroot/ipblocklist-functions.pl
index f0e5ff73f1..ecabf42e85 100644
--- a/config/cfgroot/ipblocklist-functions.pl
+++ b/config/cfgroot/ipblocklist-functions.pl
@@ -249,6 +249,9 @@ sub download_and_create_blocklist($) {
 # Simply set the limit of list elements to the double of current list elements.
 my $maxelem = $list_entries *2;
+ # Add "v4" suffix to the list name.
+ $list = "$list" . "v4";
+
 # Write line to create the set.
 #
 # We safely can use hash:net as type because it supports single addresses and networks.
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index 9198fec1d5..799b2667d8 100644
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -1060,11 +1060,23 @@ sub ipset_restore ($) {
 # Check if the given set name is a blocklist.
 } elsif ($set ~~ @blocklists) {
+ # IPblocklist sets contains v4 as setname extension.
+ my $set_name = "$set" . "v4";
+
 # Get the database file for the given blocklist.
 my $db_file = &IPblocklist::get_ipset_db_file($set);
 # Call function to restore/load the set.
 &ipset_call_restore($db_file);
+
+ # Check if the set is already loaded (has been used before).
+ if ($set ~~ @ipset_used_sets) {
+ # Swap the sets.
+ run("$IPSET swap $set_name $set");
+ } else {
+ # Rename the set to proper use it.
+ run("$IPSET rename $set_name $set");
+ }
 }
 # Store the restored set to the hash to prevent from loading it again.
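Review bot: Reassigning `$list` in place at the added `$list = "$list" . "v4";` changes what every later use of `$list` in download_and_create_blocklist sees, and the rest of the function lies outside this hunk, so it is not visible whether anything after the create line still expects the bare blocklist name. A separate variable keeps the two apart, e.g. `my $set_name = $list . "v4";`, used only in the lines written to the ipset file. The literal "v4" is also repeated in config/firewall/rules.pl and src/scripts/update-ipblocklists in this commit; a single helper or constant in the IPblocklist module would keep the three from drifting apart. ipset limits set names to 31 characters, so the suffix shortens the longest usable blocklist name by two, which deserves a comment next to the suffix.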
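Review bot: In the swap branch the `$set_name` set stays loaded after `run("$IPSET swap $set_name $set");`: it now holds the previous contents of `$set` and nothing here destroys it, whereas src/scripts/update-ipblocklists in the same commit follows its swap with a destroy. If the restore file creates the set in a way that tolerates an existing one (not visible in this hunk), the next restore would add the new entries on top of the stale ones before the swap. Adding `run("$IPSET destroy $set_name");` after the swap would match the update script. The results of `&ipset_call_restore` and `run` are not checked either, so a failed restore falls through to a swap or rename against a set that may be missing or only partly loaded; ipset_restore starts and ends outside this hunk.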
diff --git a/src/scripts/update-ipblocklists b/src/scripts/update-ipblocklists
index b96bb4f7ce..9918cac417 100644
--- a/src/scripts/update-ipblocklists
+++ b/src/scripts/update-ipblocklists
@@ -139,6 +139,15 @@ if (@updated_blocklists) {
 # Call safe system function to reload/update the blocklist.
 &General::system("ipset", "restore", "-f", "$ipset_db_file");
+
+ # The set name contains a "v4" as suffix.
+ my $set_name = "$updated_blocklist" . "v4";
+
+ # Swap the sets to use the new one.
+ &General::system("ipset", "swap", "$set_name", "$updated_blocklist");
+
+ # Destroy the old blocklist.
+ &General::system("ipset", "destroy", "$set_name");
 }
 }
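Review bot: The added swap and destroy calls run unconditionally, so they still execute when the preceding `ipset restore` failed. A restore that stops partway, or a `...v4` set left over from an earlier run, can then be swapped into the live set while the current entries are destroyed, silently shrinking or staling the blocklist. Assuming `&General::system` returns the command's exit status (its definition is not on this page), guard the follow-up with `if (&General::system("ipset", "restore", "-f", "$ipset_db_file") == 0) { ... }` around the swap and destroy, and log the failure otherwise. The swap also requires `$updated_blocklist` to be loaded already, so a blocklist that was updated but is not currently loaded would make it fail; a comment or an existence check would make that case explicit.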