Logging fixes

LIMIT variable is required for logging; set a sane default before loading configuration
Restore prior behavior where "log" keyword is first parameter on command line
shonjir 2016-05-01 13:26:59 -07:00
parent 125a3ac74f
commit 2a70fcc587


@ -4,6 +4,9 @@
# Pawel Krawczyk 2014-2015 # Pawel Krawczyk 2014-2015
# documentation https://github.com/kravietz/blacklist-scripts # documentation https://github.com/kravietz/blacklist-scripts
# iptables logging limit
LIMIT="10/minute"
# try to load config file # try to load config file
# it should contain one blacklist URL per line # it should contain one blacklist URL per line
@ -30,9 +33,6 @@ else
# by default all incoming/forwarding traffic is blocked # by default all incoming/forwarding traffic is blocked
# if this parameter is specified, only the specified ports will be blocked # if this parameter is specified, only the specified ports will be blocked
PORTS="22/tcp" PORTS="22/tcp"
# iptables logging limit
LIMIT="10/minute"
fi fi
link_set () { link_set () {
@ -106,7 +106,7 @@ set_name="manual-blacklist"
if ! ipset list | grep -q "Name: ${set_name}"; then if ! ipset list | grep -q "Name: ${set_name}"; then
ipset create "${set_name}" hash:net ipset create "${set_name}" hash:net
fi fi
link_set "${blocklist_chain_name}" "${set_name}" "$3" link_set "${blocklist_chain_name}" "${set_name}" "$1"
# download and process the dynamic blacklists # download and process the dynamic blacklists
for url in $URLS for url in $URLS
@ -176,7 +176,7 @@ do
# actually execute the set update # actually execute the set update
ipset -! -q restore < "${new_set_file}" ipset -! -q restore < "${new_set_file}"
link_set "${blocklist_chain_name}" "${set_name}" "$3" link_set "${blocklist_chain_name}" "${set_name}" "$1"
# clean up temp files # clean up temp files
rm "${unsorted_blocklist}" "${sorted_blocklist}" "${new_set_file}" "${headers}" rm "${unsorted_blocklist}" "${sorted_blocklist}" "${new_set_file}" "${headers}"
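Review bot: Both `link_set` calls (the manual-blacklist one and the one inside the download loop) now pass a raw `"$1"`, so a caller that still supplies the "log" keyword in the old third position would apparently get the sets linked without logging and without any warning. Losing the log rule silently is a detection gap, so I would read the argument once near the top, e.g. `log_opt="${1:-}"`, write a message to stderr when it is non-empty and not `log`, and pass `"${log_opt}"` at both call sites. That also keeps the script working if `set -u` is ever enabled. The body of `link_set` lies outside the visible hunks, so how it interprets this third parameter is inferred from the commit message.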