diff --git a/config b/config index 100f2bb..1876714 100644 --- a/config +++ b/config @@ -13,6 +13,8 @@ SET_MAXELEM=262144 # too low hashsize can cause memory allocation errors on low RAM systems , even if RAM is enough # too large hashsize will waste lots of RAM IPSET_OPT="hashsize 262144 maxelem $SET_MAXELEM" +# create_ipset hook +#IPSET_POST_HOOK="/etc/zapret.ipset.hook" # options for ip2net. "-4" or "-6" auto added by ipset create script IP2NET_OPT4="--prefix-length=22-30 --v4-threshold=3/4" diff --git a/ipset/create_ipset.sh b/ipset/create_ipset.sh index 84e6db0..143ff7c 100755 --- a/ipset/create_ipset.sh +++ b/ipset/create_ipset.sh @@ -90,13 +90,14 @@ create_ipset() FAMILY=inet fi ipset create $2 $3 $4 family $FAMILY 2>/dev/null || { - [ "$NO_UPDATE" = "1" ] && return + [ "$NO_UPDATE" = "1" ] && return 0 } ipset flush $2 [ "$DO_CLEAR" = "1" ] || { for f in "$5" "$6" ; do ipset_restore "$2" "$f" done + ipset_post_hook "$2" } return 0 } @@ -150,12 +151,12 @@ create_nfset() local policy [ $SAVERAM = "1" ] && policy="policy memory;" nft_create_set $2 "type ipv${1}_addr; size $3; flags interval; auto-merge; $policy" || { - [ "$NO_UPDATE" = "1" ] && return + [ "$NO_UPDATE" = "1" ] && return 0 nft flush set inet $ZAPRET_NFT_TABLE $2 } [ "$DO_CLEAR" = "1" ] || { nfset_restore $2 $4 $5 - return + ipset_post_hook "$2" } return 0 } @@ -180,7 +181,7 @@ create_ipfw_table() local name=$1 ipfw table "$name" create $2 2>/dev/null || { - [ "$NO_UPDATE" = "1" ] && return + [ "$NO_UPDATE" = "1" ] && return 0 } ipfw -q table $1 flush shift @@ -191,7 +192,9 @@ create_ipfw_table() populate_ipfw_table $name "$1" shift done + ipset_post_hook $name } + return 0 } print_reloading_backend() @@ -208,6 +211,11 @@ print_reloading_backend() echo $s } +ipset_post_hook() +{ + [ -n "$IPSET_POST_HOOK" ] && $IPSET_POST_HOOK "$1" +} + oom_adjust_high get_fwtype @@ -219,6 +227,7 @@ if [ -n "$LISTS_RELOAD" ] ; then else echo executing custom ip list reload command : $LISTS_RELOAD $LISTS_RELOAD + ipset_post_hook fi else case "$FWTYPE" in