Make ipset set size configurable

config

@@ -7,6 +7,8 @@ lanbro=192.168.1.255
 ## badips.com ##
 # ipset name
 banset=badips
+# set size, default 65536
+badmaxelems=131072
 # 0 - 5 , 0 will ban max
 banlevel=0
 # ban time in seconds,  1 week =  604800,  1 day = 86400
@@ -19,12 +21,16 @@ banservice=any
 ## whitenets ##
 #ipset name
 whiteset=goodips
+# set size, default 65536
+whitemaxelems=65536
 # default ttl
 whitettl=172800
 
 ## scannets ##
 #ipset name
 scanset=scanips
+# set size, default 65536
+scanmaxelems=65536
 # default ttl
 scanttl=172800
 

e-router

@@ -101,7 +101,7 @@ setup_base() {
 }
 
 setup_whitenets() {
-    ipset create -! $whiteset hash:net hashsize 4096 timeout $whitettl
+    ipset create -! $whiteset hash:net hashsize 4096 timeout $whitettl maxelem $whitemaxelems
     while read -r net ; do
         [[ "$net" =~ ^[0-9]{1,}.[0-9]{1,}.[0-9]{1,}.[0-9]{1,}/[0-9]{1,}$ ]] || continue
         ipset -! add  $whiteset $net timeout 0
@@ -109,13 +109,13 @@ setup_whitenets() {
 }
 
 setup_badips() {
-    ipset create -! $banset hash:ip hashsize 4096 timeout $banttl
+    ipset create -! $banset hash:ip hashsize 4096 timeout $banttl  maxelem $badmaxelems
     iptables -A INPUT -i ${wan} -p udp -m set --match-set $banset src -m conntrack --ctstate NEW --ctproto UDP -j REJECT --reject-with icmp-port-unreachable
     iptables -A INPUT -i ${wan} -p tcp -m set --match-set $banset src -m conntrack --ctstate NEW --ctproto TCP -j REJECT --reject-with tcp-reset
 }
 
 setup_scanips() {
-    ipset create -! $scanset hash:ip hashsize 4096 timeout $scanttl
+    ipset create -! $scanset hash:ip hashsize 4096 timeout $scanttl  maxelem $scanmaxelems
     iptables -A INPUT -i ${wan} -p udp -m set --match-set $scanset src -m conntrack --ctstate NEW --ctproto UDP -j REJECT --reject-with icmp-port-unreachable
     iptables -A INPUT -i ${wan} -p tcp -m set --match-set $scanset src -m conntrack --ctstate NEW --ctproto TCP -j REJECT --reject-with tcp-reset
 }