From mboxrd@z Thu Jan  1 00:00:00 1970
From: Stefan Schantl <stefan.schantl@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 04/12] rules.pl: Destroy all ipset lists on rule reload.
Date: Mon, 14 Feb 2022 19:42:48 +0100
Message-ID: <20220214184257.2406-4-stefan.schantl@ipfire.org>
In-Reply-To: <20220214184257.2406-1-stefan.schantl@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============6507236111824733936=="
List-Id: <development.lists.ipfire.org>

--===============6507236111824733936==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
 config/firewall/rules.pl | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index f685d08a7..da01b8775 100644
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -31,6 +31,7 @@ require "${General::swroot}/location-functions.pl";
 my $DEBUG = 0;
 
 my $IPTABLES = "iptables --wait";
+my $IPSET = "ipset";
 
 # iptables chains
 my $CHAIN_INPUT           = "INPUTFW";
@@ -114,6 +115,9 @@ sub main {
 	# Flush all chains.
 	&flush();
 
+	# Destroy all existing ipsets.
+	run("$IPSET destroy");
+
 	# Prepare firewall rules.
 	if (! -z  "${General::swroot}/firewall/input"){
 		&buildrules(\%configinputfw);
-- 
2.30.2


--===============6507236111824733936==--