From: Stefan Schantl Date: Fri, 14 Apr 2023 18:46:23 +0000 (+0200) Subject: rules.pl: Drop old ipset related code X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d1e5a0de8a7546fb365951d0999ba834a257edcd;p=people%2Fstevee%2Fipfire-2.x.git rules.pl: Drop old ipset related code This code is not longer used and safely can be dropped Signed-off-by: Stefan Schantl --- diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl index 7223adf5e2..ada179d000 100644 --- a/config/firewall/rules.pl +++ b/config/firewall/rules.pl @@ -80,7 +80,6 @@ my %blocklistsettings= ( ); my %ipset_loaded_sets = (); -my @ipset_used_sets = (); my $configfwdfw = "${General::swroot}/firewall/config"; my $configinput = "${General::swroot}/firewall/input"; @@ -1043,84 +1042,3 @@ sub firewall_chain_exists ($) { return $ret; } - -sub ipset_get_sets () { - my @sets; - - # Get all currently used ipset lists and store them in an array. - my @output = `$IPSET -n list`; - - # Loop through the temporary array. - foreach my $set (@output) { - # Remove any newlines. - chomp($set); - - # Add the set the array of used sets. - push(@sets, $set); - } - - # Display used sets in debug mode. - if($DEBUG) { - print "Used ipset sets:\n"; - print "@sets\n\n"; - } - - # Return the array of sets. - return @sets; -} - -sub ipset_restore ($) { - my ($set) = @_; - - # Empty variable to store the db file, which should be - # restored by ipset. - my $db_file; - - # Check if the set already has been loaded. - if($ipset_loaded_sets{$set}) { - # It already has been loaded - so there is nothing to do. - return; - } - - # Check if the given set name is a country code. - if($set ~~ @locations) { - # Libloc adds the IP type (v4 or v6) as part of the set and file name. - my $loc_set = "$set" . "v4"; - - # The bare filename equals the set name. - my $filename = $loc_set; - - # Libloc uses "ipset" as file extension. - my $file_extension = "ipset"; - - # Generate full path and filename for the ipset db file. - my $db_file = "$Location::Functions::ipset_db_directory/$filename.$file_extension"; - - # Call function to restore/load the set. - &ipset_call_restore($db_file); - - # Check if the set is already loaded (has been used before). - if ($set ~~ @ipset_used_sets) { - # The sets contains the IP type (v4 or v6) as part of the name. - # The firewall rules matches against sets without that extension. So we safely - # can swap or rename the sets to use the new ones. - run("$IPSET swap $loc_set $set"); - } else { - # If the set is not loaded, we have to rename it to proper use it. - run("$IPSET rename $loc_set $set"); - } - } - - # Store the restored set to the hash to prevent from loading it again. - $ipset_loaded_sets{$set} = "1"; -} - -sub ipset_call_restore ($) { - my ($file) = @_; - - # Check if the requested file exists. - if (-f $file) { - # Run ipset and restore the given set. - run("$IPSET restore -f $file"); - } -}