[Astlinux-commits] SF.net SVN: astlinux:[7831] branches/1.0/package/arnofw/ arnofw-0001-handle-ipset-errors.patch

[<abe...@us...>]

Revision: 7831
          http://sourceforge.net/p/astlinux/code/7831
Author:   abelbeck
Date:     2016-09-11 19:08:52 +0000 (Sun, 11 Sep 2016)
Log Message:
-----------
arnofw, add upstream patch, handle errors for ipset BLOCK_HOSTS and BLOCK_HOSTS_FILE

Added Paths:
-----------
    branches/1.0/package/arnofw/arnofw-0001-handle-ipset-errors.patch

Added: branches/1.0/package/arnofw/arnofw-0001-handle-ipset-errors.patch
===================================================================
--- branches/1.0/package/arnofw/arnofw-0001-handle-ipset-errors.patch	                        (rev 0)
+++ branches/1.0/package/arnofw/arnofw-0001-handle-ipset-errors.patch	2016-09-11 19:08:52 UTC (rev 7831)
@@ -0,0 +1,81 @@
+From d06e18113b683ff6b19810eae25db5e4dd11ce2e Mon Sep 17 00:00:00 2001
+From: Lonnie Abelbeck <lo...@ab...>
+Date: Sun, 11 Sep 2016 13:26:55 -0500
+Subject: [PATCH] added: handle errors for ipset BLOCK_HOSTS and
+ BLOCK_HOSTS_FILE
+
+---
+ bin/arno-iptables-firewall | 30 +++++++++++++++++++++++++++---
+ 1 file changed, 27 insertions(+), 3 deletions(-)
+
+diff --git a/bin/arno-iptables-firewall b/bin/arno-iptables-firewall
+index aacf489..0e8739b 100755
+--- a/bin/arno-iptables-firewall
++++ b/bin/arno-iptables-firewall
+@@ -4158,7 +4158,7 @@ setup_output_log()
+ ######################################
+ setup_hostblock_chain()
+ {
+-  local hashsize maxelem
++  local hashsize maxelem swap4_err=0 swap6_err=0
+ 
+   if iptables -F HOST_BLOCK_SRC 2>&1 |grep -q "No chain" || \
+      iptables -F HOST_BLOCK_DST 2>&1 |grep -q "No chain"; then
+@@ -4216,10 +4216,18 @@ if ipset_check; then
+         case $? in
+         4)
+           ipset add -exist aif_blocklist_tmp $host
++          if [ $? -ne 0 ]; then
++            swap4_err=1
++            RULE_WARNING=$((RULE_WARNING + 1))
++          fi
+           ;;
+         6)
+           if [ "$IPV6_SUPPORT" = "1" ]; then
+             ipset add -exist aif_blocklist6_tmp $host
++            if [ $? -ne 0 ]; then
++              swap6_err=1
++              RULE_WARNING=$((RULE_WARNING + 1))
++            fi
+           fi
+           ;;
+         esac
+@@ -4273,9 +4281,17 @@ if ipset_check; then
+       echo "$total_cnt host line(s) read"
+ 
+       ipset restore < "$IP4TABLES_BATCH_FILE"
++      if [ $? -ne 0 ]; then
++        swap4_err=1
++        RULE_WARNING=$((RULE_WARNING + 1))
++      fi
+       rm -f "$IP4TABLES_BATCH_FILE"
+       if [ "$IPV6_SUPPORT" = "1" ]; then
+         ipset restore < "$IP6TABLES_BATCH_FILE"
++        if [ $? -ne 0 ]; then
++          swap6_err=1
++          RULE_WARNING=$((RULE_WARNING + 1))
++        fi
+         rm -f "$IP6TABLES_BATCH_FILE"
+       fi
+     else
+@@ -4283,10 +4299,18 @@ if ipset_check; then
+     fi
+   fi
+ 
+-  ipset swap aif_blocklist aif_blocklist_tmp
++  if [ $swap4_err -eq 0 ]; then
++    ipset swap aif_blocklist aif_blocklist_tmp
++  else
++    printf "\033[40m\033[1;31mERROR: IPv4 \"ipset swap ...\" not applied.\033[0m\n" >&2
++  fi
+   ipset destroy aif_blocklist_tmp
+   if [ "$IPV6_SUPPORT" = "1" ]; then
+-    ipset swap aif_blocklist6 aif_blocklist6_tmp
++    if [ $swap6_err -eq 0 ]; then
++      ipset swap aif_blocklist6 aif_blocklist6_tmp
++    else
++      printf "\033[40m\033[1;31mERROR: IPv6 \"ipset swap ...\" not applied.\033[0m\n" >&2
++    fi
+     ipset destroy aif_blocklist6_tmp
+   fi
+ else

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.