Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 908657 Details for
Bug 888571
provide an init script that loads the ipsets
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
Final ipset script
ipset (text/plain), 5.52 KB, created by
Thomas Woerner
on 2014-06-13 17:04:10 UTC
(
hide
)
Description:
Final ipset script
Filename:
MIME Type:
Creator:
Thomas Woerner
Created:
2014-06-13 17:04:10 UTC
Size:
5.52 KB
patch
obsolete
>#!/bin/bash ># ># ipset Start, stop and save IP sets ># ># chkconfig: 2345 07 93 ># description: Starts, stops and saves IP sets ># ># config: /etc/sysconfig/ipset ># config: /etc/sysconfig/iptables-config ># config: /etc/sysconfig/ip6tables-config ># >### BEGIN INIT INFO ># Provides: ipset ># Default-Start: 2 3 4 5 ># Default-Stop: 0 1 6 ># Short-Description: start and stop IP sets ># Description: Start, stop and save IP sets >### END INIT INFO > ># Source function library. >. /etc/init.d/functions > >IPSET=ipset >IPSET_BIN=/usr/sbin/${IPSET} >IPSET_DATA=/etc/sysconfig/$IPSET >VAR_SUBSYS_IPSET=/var/lock/subsys/$IPSET > >IPTABLES_CONFIG=/etc/sysconfig/iptables-config >IP6TABLES_CONFIG=${IPTABLES_CONFIG/iptables/ip6tables} > >TMP_FIFO=/tmp/${IPSET}.$$ > >if [[ ! -x ${IPSET_BIN} ]]; then > echo -n "${IPSET_BIN} does not exist."; warning; echo > exit 5 >fi > >CLEAN_FILES=TMP_FIFO >trap "rm -f \$CLEAN_FILES" EXIT > ># Default ipset configuration: >[[ -z $IPSET_SAVE_ON_STOP ]] && IPSET_SAVE_ON_STOP=no # Overridden by ip(6)tables IP(6)TABLES_SAVE_ON_STOP >[[ -z $IPSET_SAVE_ON_RESTART ]] && IPSET_SAVE_ON_RESTART=no # Overridden by ip(6)tables IP(6)TABLES_SAVE_ON_RESTART > ># Load iptables configuration(s) >[[ -f "$IPTABLES_CONFIG" ]] && . "$IPTABLES_CONFIG" >[[ -f "$IP6TABLES_CONFIG" ]] && . "$IP6TABLES_CONFIG" > ># It doesn't make sense to save iptables config and not our config >[[ ${IPTABLES_SAVE_ON_STOP} = yes || ${IP6TABLES_SAVE_ON_STOP} = yes ]] && IPSET_SAVE_ON_STOP=yes >[[ ${IPTABLES_SAVE_ON_RESTART} = yes || ${IP6TABLES_SAVE_ON_RESTART} = yes ]] && IPSET_SAVE_ON_RESTART=yes > >flush_n_delete() { > local ret=0 set > > if [[ -n $(lsmod | grep "^xt_set ") ]]; then > rmmod xt_set 2>/dev/null > [[ $? -ne 0 ]] && { > echo -n $"${IPSET}: Current ip*tables configuration requires ipsets"; > warning; echo > return 1; > } > fi > > [[ -z "$(${IPSET_BIN} list -n)" ]] && return 1 > > echo -n $"${IPSET}: Flushing and destroying IP sets: " > > # Flush sets > ${IPSET_BIN} flush > let ret+=$? > > # Delete ipset sets. If we don't do them individually, then none > # will be deleted unless they all can be. > for set in $(${IPSET_BIN} list -name); do > ${IPSET_BIN} destroy 2>/dev/null > [[ $? -ne 0 ]] && ret=1 > done > > [[ $ret -eq 0 ]] && success || failure > echo > > return $ret >} > >start() { > # Do not start if there is no config file. > [[ ! -f "$IPSET_DATA" ]] && { > echo $"${IPSET}: Loaded with no configuration" > return 6; > } > > [[ -n "$(${IPSET_BIN} list -n)" ]] && flush_n_delete > > # This is the easy way to start but would leave any old > # entries still configured. Still, better than nothing - > # but fine if we had no config > echo -n $"${IPSET}: Loading IP sets: " > ${IPSET_BIN} restore -! <${IPSET_DATA} > res=$? > [[ $res -eq 0 ]] && success || failure > echo > > if [[ $res -ne 0 ]]; then > return 1 > fi > > touch $VAR_SUBSYS_IPSET > return 0 >} > >stop() { > # Nothing to stop if ip_set module is not loaded. > lsmod | grep -q "^ip_set " > [[ $? -ne 0 ]] && return 6 > > flush_n_delete > > rm -f $VAR_SUBSYS_IPSET > return 0 >} > >save() { > # Do not save if ip_set module is not loaded. > lsmod | grep -q "^ip_set " > [[ $? -ne 0 ]] && return 6 > > [[ -z $(${IPSET_BIN} list -name) ]] && { > echo -n $"${IPSET}: No IP sets: "; warning; echo > return 0 > } > > echo -n $"${IPSET}: Saving IP sets to $IPSET_DATA: " > > ret=0 > TMP_FILE=$(/bin/mktemp -q /tmp/$IPSET.XXXXXX) \ > && CLEAN_FILES+=" $TMP_FILE" \ > && chmod 600 "$TMP_FILE" \ > && ${IPSET_BIN} save > $TMP_FILE 2>/dev/null \ > && [[ -s $TMP_FILE ]] \ > || ret=1 > > if [[ $ret -eq 0 ]]; then > # No need to do anything if the files are the same > if [[ ! -f $IPSET_DATA ]]; then > mv $TMP_FILE $IPSET_DATA && chmod 600 $IPSET_DATA || ret=1 > else > diff -q $TMP_FILE $IPSET_DATA >/dev/null > > if [[ $? -ne 0 ]]; then > if [[ -f $IPSET_DATA ]]; then > cp -f --preserve=timestamps $IPSET_DATA $IPSET_DATA.save \ > && chmod 600 $IPSET_DATA.save \ > || ret=1 > fi > if [[ $ret -eq 0 ]]; then > cp -f --preserve=timestamps $TMP_FILE $IPSET_DATA \ > && chmod 600 $IPSET_DATA \ > || ret=1 > fi > fi > fi > fi > > rm -f $TMP_FILE > > [ $ret -eq 0 ] && success || failure > echo > return $ret >} > >status() { > local ret=0 set > > # No IP sets, ip_set module is not loaded. > lsmod | grep -q "^ip_set " > [[ $? -ne 0 ]] && return 6 > > for set in $(${IPSET_BIN} list -name | sort -u); do > LANG=C ipset list $set | awk '{ > m = 0 > n = 0 > do { > if ($i == "Members:") { m = 1 } > if (m == 0) { > if ($i ~ /^Name:/) > print $i > else > print " "$i > } else > n++ > } while (getline > 0) > print " Members: "n-1 >}' > let ret+=$? > done > > return $ret >} > >case "$1" in > start) > [[ -f "$VAR_SUBSYS_IPSET" ]] && exit 0 > start > RETVAL=$? > ;; > stop) > [[ $IPSET_SAVE_ON_STOP = yes ]] && save > stop > RETVAL=$? > [[ $RETVAL -eq 6 ]] && { > echo -n $"${IPSET}: not running"; failure; echo > exit 0 > } > ;; > status) > status > RETVAL=$? > [[ $RETVAL -eq 6 ]] && { > echo -n $"${IPSET}: not running"; failure; echo > } > ;; > reload) > [[ $IPSET_SAVE_ON_RESTART = yes ]] && save > stop > RETVAL=$? > [[ $RETVAL -eq 6 ]] && { > echo -n $"${IPSET}: not running"; failure; echo > exit 0 >} > start > RETVAL=$? > ;; > restart|force-reload) > [[ $IPSET_SAVE_ON_RESTART = yes ]] && save > stop > start > RETVAL=$? > ;; > condrestart|try-restart) > [[ ! -e "$VAR_SUBSYS_IPSET" ]] && exit 0 > restart > RETVAL=$? > ;; > save) > save > RETVAL=$? > ;; > *) > echo $"Usage: $IPSET {start|stop|restart|condrestart|reload|save}" >&2 > exit 1 >esac > >exit $RETVAL
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 888571
:
666830
|
762314
|
783510
|
896041
| 908657