1 files changed, 60 insertions, 0 deletions

diff --git a/net-firewall/ipset/files/ipset.initd-r2 b/net-firewall/ipset/files/ipset.initd-r2
new file mode 100644
index 000000000000..e97ebe352069
--- /dev/null
+++ b/net-firewall/ipset/files/ipset.initd-r2
@@ -0,0 +1,60 @@
+#!/sbin/runscript
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+extra_commands="save"
+
+IPSET_SAVE=${IPSET_SAVE:-/var/lib/ipset/rules-save}
+
+depend() {
+    before iptables ip6tables
+}
+
+checkconfig() {
+    if [ ! -f "${IPSET_SAVE}" ] ; then
+        eerror "Not starting ${SVCNAME}. First create some rules then run:"
+        eerror "/etc/init.d/${SVCNAME} save"
+        return 1
+    fi
+    return 0
+}
+
+start() {
+    checkconfig || return 1
+    ebegin "Loading ipset session"
+    ipset restore < "${IPSET_SAVE}"
+    eend $?
+}
+
+stop() {
+    # check if there are any references to current sets
+
+    if ! ipset list | gawk '
+        ($1 == "References:") { refcnt += $2 }
+        ($1 == "Type:" && $2 == "list:set") { set = 1 }
+        (scan) { if ($0 != "") setcnt++; else { scan = 0; set = 0 } }
+        (set && $1 == "Members:") {scan = 1}
+        END { if ((refcnt - setcnt) > 0) exit 1 }
+    '; then
+        eerror "ipset is in use, can't stop"
+        return 1
+    fi
+
+    if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+        save || return 1
+    fi
+
+    ebegin "Removing kernel IP sets"
+    ipset flush
+    ipset destroy
+    eend $?
+}
+
+save() {
+    ebegin "Saving ipset session"
+    touch "${IPSET_SAVE}"
+    chmod 0600 "${IPSET_SAVE}"
+    ipset save > "${IPSET_SAVE}"
+    eend $?
+}