You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
81 lines
2.4 KiB
81 lines
2.4 KiB
#!/bin/bash
|
|
# info: delete firewall ipset
|
|
# options: NAME
|
|
#
|
|
# example: v-delete-firewall-ipset country-nl
|
|
#
|
|
# This function removes ipset from system and from hestia
|
|
|
|
#----------------------------------------------------------#
|
|
# Variables & Functions #
|
|
#----------------------------------------------------------#
|
|
|
|
ip_name=${1}
|
|
|
|
# Includes
|
|
# shellcheck source=/etc/hestiacp/hestia.conf
|
|
source /etc/hestiacp/hestia.conf
|
|
# shellcheck source=/usr/local/hestia/func/main.sh
|
|
source $HESTIA/func/main.sh
|
|
# load config file
|
|
source_conf "$HESTIA/conf/hestia.conf"
|
|
|
|
#----------------------------------------------------------#
|
|
# Verifications #
|
|
#----------------------------------------------------------#
|
|
|
|
check_args '1' "$#" 'NAME'
|
|
is_format_valid 'ip_name'
|
|
is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'
|
|
|
|
# Define variables for ipset configuration
|
|
ipset_hstobject='../../data/firewall/ipset'
|
|
is_object_valid "$ipset_hstobject" 'LISTNAME' "$ip_name"
|
|
ip_version="$(get_object_value "$ipset_hstobject" 'LISTNAME' "$ip_name" '$IP_VERSION')"
|
|
|
|
# Perform verification if read-only mode is enabled
|
|
check_hestia_demo_mode
|
|
|
|
IPSET_BIN="$(command -v ipset)"
|
|
IPSET_PATH="$HESTIA/data/firewall/ipset"
|
|
IPSET_FILE="${ip_name}.${ip_version}"
|
|
|
|
# Install ipset package if missing
|
|
if [ -z "$IPSET_BIN" ]; then
|
|
if [ -f '/etc/redhat-release' ]; then
|
|
dnf install -q -y ipset > /dev/null
|
|
else
|
|
apt-get --quiet --yes install ipset > /dev/null
|
|
fi
|
|
check_result $? "Installing IPset package"
|
|
|
|
IPSET_BIN="$(which ipset)"
|
|
check_result $? "IPset binary not found"
|
|
fi
|
|
|
|
#----------------------------------------------------------#
|
|
# Action #
|
|
#----------------------------------------------------------#
|
|
|
|
if $IPSET_BIN -quiet list "${ip_name}-tmp" > /dev/null; then
|
|
$IPSET_BIN -quiet destroy "${ip_name}-tmp"
|
|
fi
|
|
|
|
if $IPSET_BIN -quiet list "${ip_name}" > /dev/null; then
|
|
$IPSET_BIN -quiet destroy "${ip_name}"
|
|
check_result $? "ipset ${ip_name} still used by iptables. Cannot remove"
|
|
fi
|
|
|
|
sed -i "/LISTNAME='$ip_name'/d" "${IPSET_PATH}.conf"
|
|
rm -f "${IPSET_PATH}/${IPSET_FILE}.iplist"
|
|
|
|
#----------------------------------------------------------#
|
|
# Hestia #
|
|
#----------------------------------------------------------#
|
|
|
|
# Logging
|
|
$BIN/v-log-action "system" "Info" "Firewall" "IPset IP list deleted (Name: $ip_name)."
|
|
log_event "$OK" "$ARGUMENTS"
|
|
|
|
exit
|