Refactor firewall rules creation

NethServer · Mar 20, 2024 · 5c7fdbc · 5c7fdbc
1 parent 693a45b
commit 5c7fdbc
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/imageroot/bin/firewall-rules b/imageroot/bin/firewall-rules
@@ -7,11 +7,11 @@
 
 action=$1
 if [[ $action == 'create-ipset' ]]; then
-    if [[ ! -f /etc/firewalld/ipsets/crowdsec-blacklists.xml ]]; then
-        firewall-cmd --permanent --new-ipset=crowdsec-blacklists --type=hash:ip --option="timeout=0" --option="maxelem=150000"
+    if ! ipset -L  crowdsec-blacklists >/dev/null 2>&1; then
+        ipset create crowdsec-blacklists hash:ip timeout 0 maxelem 150000
     fi
-    if [[ ! -f  /etc/firewalld/ipsets/crowdsec6-blacklists.xml ]]; then
-        firewall-cmd --permanent --new-ipset=crowdsec6-blacklists --option=family=inet6 --type=hash:ip --option="timeout=0" --option="maxelem=150000"
+    if ! ipset -L  crowdsec6-blacklists >/dev/null 2>&1; then
+        ipset create crowdsec6-blacklists hash:ip family inet6 timeout 0 maxelem 150000
     fi
     firewall-cmd --reload
 elif [[ $action == 'add-rule' ]]; then