Re: [PATCH] rules.pl: Fix automatic ipset sets cleanup.

["Peter Müller" <peter.mueller@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 1825 bytes --]

Hello Stefan,

thank you for submitting this.

Is this an important fix that has to go into Core Update 167? Or can it wait
until the next Core Update?

Thanks, and best regards,
Peter Müller


> The array of used/loaded ipsets needs to be reloaded before
> the cleanup can be started to also handle sets which are loaded during
> runtime.
> 
> Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
> ---
>  config/firewall/rules.pl | 14 +++++++++++---
>  1 file changed, 11 insertions(+), 3 deletions(-)
> 
> diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
> index 649bd49f0..799b2667d 100644
> --- a/config/firewall/rules.pl
> +++ b/config/firewall/rules.pl
> @@ -137,7 +137,7 @@ undef (@dummy);
>  
>  sub main {
>  	# Get currently used ipset sets.
> -	&ipset_get_sets();
> +	@ipset_used_sets = &ipset_get_sets();
>  
>  	# Flush all chains.
>  	&flush();
> @@ -993,6 +993,8 @@ sub firewall_chain_exists ($) {
>  }
>  
>  sub ipset_get_sets () {
> +	my @sets;
> +
>  	# Get all currently used ipset lists and store them in an array.
>  	my @output = `$IPSET -n list`;
>  
> @@ -1002,14 +1004,17 @@ sub ipset_get_sets () {
>  		chomp($set);
>  
>  		# Add the set the array of used sets.
> -		push(@ipset_used_sets, $set);
> +		push(@sets, $set);
>  	}
>  
>  	# Display used sets in debug mode.
>  	if($DEBUG) {
>  		print "Used ipset sets:\n";
> -		print "@ipset_used_sets\n\n";
> +		print "@sets\n\n";
>  	}
> +
> +	# Return the array of sets.
> +	return @sets;
>  }
>  
>  sub ipset_restore ($) {
> @@ -1089,6 +1094,9 @@ sub ipset_call_restore ($) {
>  }
>  
>  sub ipset_cleanup () {
> +	# Reload the array of used sets.
> +	@ipset_used_sets = &ipset_get_sets();
> +
>  	# Loop through the array of used sets.
>  	foreach my $set (@ipset_used_sets) {
>  		# Check if this set is still in use.