X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/ee42f14b0dfd0cc85ff1f76b3c366ce0ac158725..e92ed5e09215d67f2bd7dc21a32425d7ec5aa26f:/cookbooks/networking/templates/default/nftables.erb?ds=sidebyside
diff --git a/cookbooks/networking/templates/default/nftables.erb b/cookbooks/networking/templates/default/nftables.erb
index 778e57a21..363e84656 100644
--- a/cookbooks/networking/templates/default/nftables.erb
+++ b/cookbooks/networking/templates/default/nftables.erb
@@ -24,8 +24,8 @@ block() {
   for address in "$@"
   do
     case "$address" in
-      *.*) /usr/sbin/nft add element inet chef-filter ip-blocklist "{ $address }";;
-      *:*) /usr/sbin/nft add element inet chef-filter ip6-blocklist "{ $address }";;
+      *.*) /usr/sbin/nft --check add element inet chef-filter ip-blocklist "{ $address }" && /usr/sbin/nft add element inet chef-filter ip-blocklist "{ $address }" ;;
+      *:*) /usr/sbin/nft --check add element inet chef-filter ip6-blocklist "{ $address }" && /usr/sbin/nft add element inet chef-filter ip6-blocklist "{ $address }" ;;
     esac
   done
 }
@@ -34,12 +34,17 @@ unblock() {
   for address in "$@"
   do
     case "$address" in
-      *.*) /usr/sbin/nft delete element inet chef-filter ip-blocklist "{ $address }";;
-      *:*) /usr/sbin/nft delete element inet chef-filter ip6-blocklist "{ $address }";;
+      *.*) /usr/sbin/nft --check delete element inet chef-filter ip-blocklist "{ $address }" && /usr/sbin/nft delete element inet chef-filter ip-blocklist "{ $address }" ;;
+      *:*) /usr/sbin/nft --check delete element inet chef-filter ip6-blocklist "{ $address }" && /usr/sbin/nft delete element inet chef-filter ip6-blocklist "{ $address }" ;;
     esac
   done
 }
 
+flush() {
+  /usr/sbin/nft --check flush set inet chef-filter ip-blocklist && /usr/sbin/nft flush set inet chef-filter ip-blocklist
+  /usr/sbin/nft --check flush set inet chef-filter ip6-blocklist && /usr/sbin/nft flush set inet chef-filter ip6-blocklist
+}
+
 
 command=$1
 shift
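Review bot: The `--check … && …` guard on both case arms of `block` turns an address that nft rejects into a silent no-op: the second command is skipped, the arm's non-zero status is not recorded anywhere, and the script's final `exit 0` (visible as context in the later `case "$command"` hunk) reports success regardless, so an operator can believe an address is on the blocklist when it is not. Keeping the result costs one token per arm, e.g. `*.*) /usr/sbin/nft --check add element inet chef-filter ip-blocklist "{ $address }" && /usr/sbin/nft add element inet chef-filter ip-blocklist "{ $address }" || status=1 ;;` with `status=0` initialised before the loop and `exit "${status:-0}"` at the end in place of `exit 0`. The only classification of `$address` is the `*.*`/`*:*` glob before it is interpolated into the nft set expression `{ $address }`, so whatever nft accepts inside braces (lists, ranges, non-address strings that happen to contain a dot) is passed through as-is; if single addresses are the intended input, a stricter pattern would make that explicit. The `block() {` line itself is only in the hunk header, so the function's opening is outside the hunk.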
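Review bot: The dry-run-then-apply pair is now written out six times across `block`, `unblock` and the new `flush`, and in `flush` the outcome of the ip-blocklist line is discarded because the function's status is that of its last command, so a failed v4 flush followed by a successful v6 flush looks like success. A small wrapper keeps the `--check` step in one place and returns the status of whichever step failed, which each caller can then act on; `flush` can use it directly as below, and the `block`/`unblock` arms would become `nft_checked add element inet chef-filter ip-blocklist "{ $address }"` and its `delete` counterpart. Since `flush` empties both blocklists in a single call, it is also the subcommand most worth a log line through `logger` so a mass unblock is visible in the journal; that is inferred from the set names rather than anything in the hunk. The `unblock() {` line is only in the hunk header, so that function's opening is outside the hunk.
```shell
# Dry-run an nft command with --check and apply it only if the check passes.
# Returns the status of the check or of the real run, whichever fails first.
nft_checked() {
  /usr/sbin/nft --check "$@" && /usr/sbin/nft "$@"
}

# … unchanged: block / unblock …

flush() {
  nft_checked flush set inet chef-filter ip-blocklist
  nft_checked flush set inet chef-filter ip6-blocklist
}
```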
@@ -49,6 +54,7 @@ case "$command" in
   reload) reload;;
   block) block "$@";;
   unblock) unblock "$@";;
+  flush) flush;;
 esac
 
 exit 0