ipblocklist: Add "v4" as extension to the ipset set names.

This easily allows us to swap the sets after updating, without
unloading them.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>

diff --git a/config/cfgroot/ipblocklist-functions.pl b/config/cfgroot/ipblocklist-functions.pl
index f0e5ff73f1c5b7788fed6757f55b88ec4a376f9d..ecabf42e859abeb189c46279ebffc6e3114d357e 100644 (file)
--- a/config/cfgroot/ipblocklist-functions.pl
+++ b/config/cfgroot/ipblocklist-functions.pl
@@ -249,6 +249,9 @@ sub download_and_create_blocklist($) {
        # Simply set the limit of list elements to the double of current list elements.
        my $maxelem = $list_entries *2;
 
+       # Add "v4" suffix to the list name.
+       $list = "$list" . "v4";
+
        # Write line to create the set.
        #
        # We safely can use hash:net as type because it supports single addresses and networks.

diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index 9198fec1d50d61b3b10e9dc6bde91ed58417947f..799b2667d87dc36f5f72961b00dd7e8a983141de 100644 (file)
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -1060,11 +1060,23 @@ sub ipset_restore ($) {
 
        # Check if the given set name is a blocklist.
        } elsif ($set ~~ @blocklists) {
+               # IPblocklist sets contains v4 as setname extension.
+               my $set_name = "$set" . "v4";
+
                # Get the database file for the given blocklist.
                my $db_file = &IPblocklist::get_ipset_db_file($set);
 
                # Call function to restore/load the set.
                &ipset_call_restore($db_file);
+
+               # Check if the set is already loaded (has been used before).
+               if ($set ~~ @ipset_used_sets) {
+                       # Swap the sets.
+                       run("$IPSET swap $set_name $set");
+               } else {
+                       # Rename the set to proper use it.
+                       run("$IPSET rename $set_name $set");
+               }
        }
 
        # Store the restored set to the hash to prevent from loading it again.

diff --git a/src/scripts/update-ipblocklists b/src/scripts/update-ipblocklists
index b96bb4f7ceb15f239479c6edfe86c6aba65ef412..9918cac4171b894f3070a7f8f826a51e06968a3a 100644 (file)
--- a/src/scripts/update-ipblocklists
+++ b/src/scripts/update-ipblocklists
@@ -139,6 +139,15 @@ if (@updated_blocklists) {
 
                # Call safe system function to reload/update the blocklist.
                &General::system("ipset", "restore", "-f", "$ipset_db_file");
+
+               # The set name contains a "v4" as suffix.
+               my $set_name = "$updated_blocklist" . "v4";
+
+               # Swap the sets to use the new one.
+               &General::system("ipset", "swap", "$set_name", "$updated_blocklist");
+
+               # Destroy the old blocklist.
+               &General::system("ipset", "destroy", "$set_name");
        }
 }