Ensure the nftables script does not prematurely exit on any invalid input.
e.g. when unblocking a set of IPs, skip any that are not currently blocked instead of exiting prematurely.
Signed-off-by: Grant Slater <github@firefishy.com>
for address in "$@"
do
case "$address" in
for address in "$@"
do
case "$address" in
- *.*) /usr/sbin/nft add element inet chef-filter ip-blocklist "{ $address }";;
- *:*) /usr/sbin/nft add element inet chef-filter ip6-blocklist "{ $address }";;
+ *.*) /usr/sbin/nft --check add element inet chef-filter ip-blocklist "{ $address }" && /usr/sbin/nft add element inet chef-filter ip-blocklist "{ $address }" ;;
+ *:*) /usr/sbin/nft --check add element inet chef-filter ip6-blocklist "{ $address }" && /usr/sbin/nft add element inet chef-filter ip6-blocklist "{ $address }" ;;
for address in "$@"
do
case "$address" in
for address in "$@"
do
case "$address" in
- *.*) /usr/sbin/nft delete element inet chef-filter ip-blocklist "{ $address }";;
- *:*) /usr/sbin/nft delete element inet chef-filter ip6-blocklist "{ $address }";;
+ *.*) /usr/sbin/nft --check delete element inet chef-filter ip-blocklist "{ $address }" && /usr/sbin/nft delete element inet chef-filter ip-blocklist "{ $address }" ;;
+ *:*) /usr/sbin/nft --check delete element inet chef-filter ip6-blocklist "{ $address }" && /usr/sbin/nft delete element inet chef-filter ip6-blocklist "{ $address }" ;;
- /usr/sbin/nft flush set inet chef-filter ip-blocklist
- /usr/sbin/nft flush set inet chef-filter ip6-blocklist
+ /usr/sbin/nft --check flush set inet chef-filter ip-blocklist && /usr/sbin/nft flush set inet chef-filter ip-blocklist
+ /usr/sbin/nft --check flush set inet chef-filter ip6-blocklist && /usr/sbin/nft flush set inet chef-filter ip6-blocklist
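Review bot: The `*.*` and `*:*` arms in both the add and delete loops still accept any argument that merely contains a dot or a colon and place it inside `"{ $address }"`, which nft parses as part of its command text; `--check` confirms the text is valid nft input, not that it is a single address or prefix. A first arm such as `*[!0-9A-Fa-f.:/]*) echo "invalid address: $address" >&2 ;;` would reject anything else before nft sees it. Separately, an address that fails `--check` is now skipped without any message, so a caller cannot tell that a block was not applied; appending `|| echo "skipped $address" >&2` to each arm would make that visible. The `case` and `for` bodies close outside the visible lines, so whether a failed check on the last flush line changes the script's exit status cannot be told from here.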