diff options
Diffstat (limited to 'net-firewall/ipset/files/ipset.initd-r2')
-rw-r--r-- | net-firewall/ipset/files/ipset.initd-r2 | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/net-firewall/ipset/files/ipset.initd-r2 b/net-firewall/ipset/files/ipset.initd-r2 new file mode 100644 index 000000000000..e97ebe352069 --- /dev/null +++ b/net-firewall/ipset/files/ipset.initd-r2 @@ -0,0 +1,60 @@ +#!/sbin/runscript +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +extra_commands="save" + +IPSET_SAVE=${IPSET_SAVE:-/var/lib/ipset/rules-save} + +depend() { + before iptables ip6tables +} + +checkconfig() { + if [ ! -f "${IPSET_SAVE}" ] ; then + eerror "Not starting ${SVCNAME}. First create some rules then run:" + eerror "/etc/init.d/${SVCNAME} save" + return 1 + fi + return 0 +} + +start() { + checkconfig || return 1 + ebegin "Loading ipset session" + ipset restore < "${IPSET_SAVE}" + eend $? +} + +stop() { + # check if there are any references to current sets + + if ! ipset list | gawk ' + ($1 == "References:") { refcnt += $2 } + ($1 == "Type:" && $2 == "list:set") { set = 1 } + (scan) { if ($0 != "") setcnt++; else { scan = 0; set = 0 } } + (set && $1 == "Members:") {scan = 1} + END { if ((refcnt - setcnt) > 0) exit 1 } + '; then + eerror "ipset is in use, can't stop" + return 1 + fi + + if [ "${SAVE_ON_STOP}" = "yes" ] ; then + save || return 1 + fi + + ebegin "Removing kernel IP sets" + ipset flush + ipset destroy + eend $? +} + +save() { + ebegin "Saving ipset session" + touch "${IPSET_SAVE}" + chmod 0600 "${IPSET_SAVE}" + ipset save > "${IPSET_SAVE}" + eend $? +} |