Firewall ipset: abort adding/updating when preprcessing script fails, replace iplist file content with the script output

Lupul · Lupul · commit 8323fb7e9470 · 2020-07-31T20:22:04.000+03:00
diff --git a/bin/v-add-firewall-ipset b/bin/v-add-firewall-ipset
@@ -89,7 +89,9 @@ if [ ! -f "${IPSET_PATH}/${IPSET_FILE}.iplist" ] || [ "$force" = "yes" ]; then
         # Advanced: execute script with the same basename for aditional pre-processing
         # ex: 
         if [ -x "${IPSET_PATH}/${IPSET_FILE}.sh" ]; then 
-            setpriv --clear-groups --reuid nobody --regid nogroup -- ${IPSET_PATH}/${IPSET_FILE}.sh "$ip_name" "$iplist_tempfile"
+            preprocess_output="$(cat "$iplist_tempfile" | setpriv --clear-groups --reuid nobody --regid nogroup -- ${IPSET_PATH}/${IPSET_FILE}.sh "$ip_name" "$iplist_tempfile")"
+            check_result $? "Preprocessing script failed (${IPSET_FILE}.sh)"
+            [[ "$preprocess_output" ]] && echo "$preprocess_output" > "$iplist_tempfile"
         fi
 
     elif [[ "$data_source" =~ ^script:/ ]]; then
