From 84a85274cc44be4f8092ad57c8c6c325f21579d4 Mon Sep 17 00:00:00 2001
From: Matthew Saunders Brown
Date: Mon, 21 Aug 2023 10:31:31 -0700
Subject: [PATCH] add option to query specific set
---
 sbin/firewall-list-ruleset.sh | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/sbin/firewall-list-ruleset.sh b/sbin/firewall-list-ruleset.sh
index 90c4e4d..75318d2 100755
--- a/sbin/firewall-list-ruleset.sh
+++ b/sbin/firewall-list-ruleset.sh
@@ -1,7 +1,16 @@
 #!/bin/bash
 # firewalld is using nftables
-nft list table inet firewalld
+# call this script without any options to output the entire ruleset
+# or provide one argument as a "set" (e.g. "fail2ban") to return only that IP set.
+
+# if "set" arg is provided only return that info
+if [ -n "$1" ]; then
+ nft list set inet firewalld $1
+else
+ # no "set" specified, return entire table
+ nft list table inet firewalld
+fi
 # you can also export the current ruleset in json format:
 # nft -j list ruleset
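Review bot: `$1` is expanded unquoted in `nft list set inet firewalld $1`, so a value containing whitespace or glob characters is split into extra words that nft receives as further command text; this matters because the script lives in sbin and presumably runs with root privileges. Quote it as `nft list set inet firewalld "$1"`. Quoting alone is not enough, since nft joins its arguments and parses the result as one command, so also reject anything that is not a plain set name before the call, e.g. `case "$1" in *[!A-Za-z0-9_-]*) echo "invalid set name" >&2; exit 1 ;; esac` (adjust the pattern to the set names actually in use). The callers of the script are not visible in this patch, so it should be confirmed whether the argument can ever come from untrusted input.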