mxrouterctl: Implement hash:ip ipsets

Support hash:net type ipsets Example: ipset('mpg-netze', 'hash:net', '/etc/local/mxrouter/blacklists/mpg-netze', 'counters'); [...] rule('filter', 'wisnet-out', '-d 141.14.16.17 -p tcp --dport 80 -m set --match-set mpg-netze src -j ACCEPT'); # ohb.molgen.mpg.de With the file containing CIDR-Addresses and comments: [...] 141.5.255.252/31 141.5.255.254/31 141.14.8.0/23 [...] This change was done locally on bka on 8.5.2025, than forgotten, than disted away but was luckily collected by pbackup :-)
mariux64 · May 13, 2025 · 6770fba · 6770fba
1 parent 1ae815d
commit 6770fba
Showing 1 changed file with 16 additions and 7 deletions.
diff --git a/mxrouter/mxrouterctl b/mxrouter/mxrouterctl
@@ -342,16 +342,25 @@ sub reload_ipsets {
 		my $tmp="$name-TMP";
 		warn "read ipset $name from $filename\n";
 		system('ipset','create',$tmp,$type,@options) and exit 1;
-		$type eq 'hash:ip' or die "read ipset type $type from file not implemented\n";
 		open my $in,'<',$filename or die "$filename: $!\n";
-		while (<$in>) {
-			s/#.*//;
-			/^\s*(\d+\.\d+\.\d+\.\d+)\s*$/ or next;
-			system('ipset','add',$tmp,$1) and exit 1;
-		}
+        if ($type eq 'hash:ip') {
+            while (<$in>) {
+                s/#.*//;
+                /^\s*(\d+\.\d+\.\d+\.\d+)\s*$/ or next;
+                system('ipset','add',$tmp,$1) and exit 1;
+            }
+        } elsif ($type eq 'hash:net') {
+            while (<$in>) {
+             s/#.*//;
+                /^\s*(\d+\.\d+\.\d+\.\d+\/\d+)\s*$/ or next;
+                system('ipset', 'add', $tmp, $1) and exit 1;
+            }
+        } else {
+            die "read ipset type $type from file not implemented\n";
+        }
 		system('ipset','swap',$name,$tmp) and exit 1;
 		system('ipset','destroy',$tmp) and exit 1;
-	}
+    }
 }
 
 our %radvd;		# ( 'net03' => 'AdvSendAdvert on;prefix 2a02:d480:e08:20::/64;' , ...)