Only set ldap allowlist if file exists and is not empty

setup/start/cloudron-firewall.sh

@@ -36,13 +36,23 @@ if allowed_udp_ports=$(node -e "console.log(JSON.parse(fs.readFileSync('${ports_
     done
 fi
 
-# first setup any user IP block lists
 ipset create cloudron_ldap_allowlist hash:net || true
-/home/yellowtent/box/src/scripts/setldapallowlist.sh
+ipset flush cloudron_ldap_allowlist
 
-# ldap server we expose 3004 and also redirect from standard ldaps port 636
-iptables -t nat -I PREROUTING -p tcp --dport 636 -j REDIRECT --to-ports 3004
-iptables -t filter -A CLOUDRON -m set --match-set cloudron_ldap_allowlist src -p tcp --dport 3004 -j ACCEPT
+ldap_allowlist_json="/home/yellowtent/platformdata/firewall/ldap_allowlist.txt"
+if [[ -f "${ldap_allowlist_json}" ]]; then
+
+    # without the -n block, any last line without a new line won't be read it!
+    while read -r line || [[ -n "$line" ]]; do
+        [[ -z "${line}" ]] && continue # ignore empty lines
+        [[ "$line" =~ ^#.*$ ]] && continue # ignore lines starting with #
+        ipset add -! cloudron_ldap_allowlist "${line}" # the -! ignore duplicates
+    done < "${ldap_allowlist_json}"
+
+    # ldap server we expose 3004 and also redirect from standard ldaps port 636
+    iptables -t nat -I PREROUTING -p tcp --dport 636 -j REDIRECT --to-ports 3004
+    iptables -t filter -A CLOUDRON -m set --match-set cloudron_ldap_allowlist src -p tcp --dport 3004 -j ACCEPT
+fi
 
 # turn and stun service
 iptables -t filter -A CLOUDRON -p tcp -m multiport --dports 3478,5349 -j ACCEPT