From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH 04/12] rules.pl: Destroy all ipset lists on rule reload.
Date: Tue, 15 Feb 2022 12:41:42 +0000
Message-ID: <57AC28ED-7999-416F-80F5-1E1F6A569EB2@ipfire.org>
In-Reply-To: <20220214184257.2406-4-stefan.schantl@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============4516574247930169122=="
List-Id: <development.lists.ipfire.org>

--===============4516574247930169122==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hello,

Looking at the other patchset that implements IP blocklists, could this inter=
fere with this in any way?

-Michael

> On 14 Feb 2022, at 18:42, Stefan Schantl <stefan.schantl(a)ipfire.org> wrot=
e:
>=20
> Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
> ---
> config/firewall/rules.pl | 4 ++++
> 1 file changed, 4 insertions(+)
>=20
> diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
> index f685d08a7..da01b8775 100644
> --- a/config/firewall/rules.pl
> +++ b/config/firewall/rules.pl
> @@ -31,6 +31,7 @@ require "${General::swroot}/location-functions.pl";
> my $DEBUG =3D 0;
>=20
> my $IPTABLES =3D "iptables --wait";
> +my $IPSET =3D "ipset";
>=20
> # iptables chains
> my $CHAIN_INPUT           =3D "INPUTFW";
> @@ -114,6 +115,9 @@ sub main {
> 	# Flush all chains.
> 	&flush();
>=20
> +	# Destroy all existing ipsets.
> +	run("$IPSET destroy");
> +
> 	# Prepare firewall rules.
> 	if (! -z  "${General::swroot}/firewall/input"){
> 		&buildrules(\%configinputfw);
> --=20
> 2.30.2
>=20


--===============4516574247930169122==--