Fix when drop is already default zone

Without this no ipsets are blocked

Signed-off-by: Tad <tad@spotco.us>

README.md

@@ -11,10 +11,11 @@ Use
 - Choose the lists you want enabled at the top of scfw3.sh
 - `$ sudo sh scfw3.sh enable`
 - `$ sudo sh scfw3.sh disable`
+- Or place in /etc/cron.daily/0scfw with bottom bits edited to enableforce
 
 Known Issues
 ------------
-- You must set FirewallBackend to iptables, see https://github.com/firewalld/firewalld/issues/738
+- You must set FirewallBackend to iptables for firewalld <1.3.1, see https://github.com/firewalld/firewalld/issues/738
 
 Credits
 -------

scfw3.sh

@@ -43,7 +43,7 @@ importListToFirewall() {
 	firewall-cmd --permanent --delete-ipset="$name" &>/dev/null || true;
 	firewall-cmd --permanent --new-ipset="$name" --type=hash:net --option=maxelem=200000 --option=hashsize=16384 $inet;
 	firewall-cmd --permanent --ipset="$name" --add-entries-from-file="$name".ipset;
-	firewall-cmd --permanent --zone=drop --add-source=ipset:"$name";
+	firewall-cmd --permanent --zone=scfw --add-source=ipset:"$name";
 	unset inet;
 	sleep 2;
 }
@@ -64,9 +64,16 @@ removeAllowedEntries() {
 }
 
 loadLists() {
+	#Remove old lists+zone
+	clearLists;
+
 	#Create the needed directories
 	createWorkDirectory;
 
+	#Setup the zone
+	firewall-cmd --new-zone=scfw --permanent;
+	firewall-cmd --zone=scfw --set-target=DROP --permanent
+
 	for list in "${blockedLists[@]}"
 	do
 		importListToFirewall "$list" "https://iplists.firehol.org/files/$list.netset";
@@ -94,6 +101,11 @@ clearLists() {
 		firewall-cmd --permanent --delete-ipset="country-block-v6-$list" &>/dev/null || true;
 	done;
 
+	#Delete the zone
+	firewall-cmd --delete-zone=scfw --permanent;
+
+	#Reload to apply
+	firewall-cmd --reload;
 	echo "[SCFW3] Unloaded";
 }