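#===========================================================
#======= ... Do NOT change anything below ... ====
#===========================================================
# Function library for all dynloaders, modules & programs
#
# All iptables stuff is removed and encapsulated in
#     « api/bash/iptables.bashlib »
# and only kept for historic reasons
#===========================================================
#
#######################################
# Create an ipset and link it to a DROP rule in the filter table.
#
# The set is created with `ipset -exist create`, then a rule
# `-m set --match-set <set> src -j DROP` is inserted into the INPUT and
# FORWARD chains unless `iptables -C` reports it is already present.
#
# Globals:   FIREWALL (read) - backend selector; only "iptables" is handled
#            IPSET, IPTABLES (read) - commands to run
#            ME (read) - program tag used in logger messages
# Arguments: $1 - name of the ipset to be created (required)
#            $2.. - passed on to `ipset create` (set type and options)
# Returns:   0 when the set could be created and both chains carry the
#            DROP rule; non-zero when a step failed, so a caller can tell
#            that the set is not being enforced.
#######################################
mk-ipset()
{
    local funtag="[${FUNCNAME[0]}]"
    local setname=${1:-}
    local chain
    local rc=0

    # Without a set name every command below would be malformed.
    if [[ -z "$setname" ]]; then
        logger "[$ME:$$] $funtag Error - no ipset name given ..."
        trace "Error - no ipset name given ..."
        return 1
    fi

    case "$FIREWALL" in
    iptables)
        # $IPSET / $IPTABLES are left unquoted on purpose: they may hold a
        # command plus options. $* is left unquoted as well because callers
        # may hand over the create options as one string.
        # NOTE(review): verify the callers, then switch to "$@".
        # shellcheck disable=SC2048,SC2086
        if ! $IPSET -exist create $*; then
            # Keep going: the set may already exist with other parameters,
            # and in that case it still has to be linked to the DROP rules.
            logger "[$ME:$$] $funtag Error - cannot create ipset $setname ..."
            trace "Error - cannot create ipset $setname ..."
            rc=1
        fi

        for chain in INPUT FORWARD; do
            # -C only checks for the rule; its "not found" noise is expected.
            if $IPTABLES -t filter -C "$chain" -m set --match-set "$setname" src -j DROP >/dev/null 2>&1
            then
                : echo "$setname already linked with xtables"
            elif ! $IPTABLES -t filter -I "$chain" -m set --match-set "$setname" src -j DROP >/dev/null 2>&1
            then
                # A failed insert means the set exists but blocks nothing on
                # this chain; report it instead of discarding the failure.
                logger "[$ME:$$] $funtag Error - cannot link $setname to $chain ..."
                trace "Error - cannot link $setname to $chain ..."
                rc=1
            fi
        done
        ;;
    firewalld)
        # DON'T USE !!!!
        trace "Error - firewalld illegal with iptables ..."
        rc=1
        ;;
    *)
        logger "[$ME:$$] Error - firewall unknown ..."
        trace "Error - firewall unknown ..."
        rc=1
        ;;
    esac

    return "$rc"
}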