Hello Peter, > Hello Stefan, > > thank you for submitting this. > > Is this an important fix that has to go into Core Update 167? Or can > it wait > until the next Core Update? This is not an urgent fix, we are fine to ship it with C168. Best regards, -Stefan > > Thanks, and best regards, > Peter Müller > > > > The array of used/loaded ipsets needs to be reloaded before > > the cleanup can be started to also handle sets which are loaded > > during > > runtime. > > > > Signed-off-by: Stefan Schantl > > --- > >  config/firewall/rules.pl | 14 +++++++++++--- > >  1 file changed, 11 insertions(+), 3 deletions(-) > > > > diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl > > index 649bd49f0..799b2667d 100644 > > --- a/config/firewall/rules.pl > > +++ b/config/firewall/rules.pl > > @@ -137,7 +137,7 @@ undef (@dummy); > >   > >  sub main { > >         # Get currently used ipset sets. > > -       &ipset_get_sets(); > > +       @ipset_used_sets = &ipset_get_sets(); > >   > >         # Flush all chains. > >         &flush(); > > @@ -993,6 +993,8 @@ sub firewall_chain_exists ($) { > >  } > >   > >  sub ipset_get_sets () { > > +       my @sets; > > + > >         # Get all currently used ipset lists and store them in an > > array. > >         my @output = `$IPSET -n list`; > >   > > @@ -1002,14 +1004,17 @@ sub ipset_get_sets () { > >                 chomp($set); > >   > >                 # Add the set the array of used sets. > > -               push(@ipset_used_sets, $set); > > +               push(@sets, $set); > >         } > >   > >         # Display used sets in debug mode. > >         if($DEBUG) { > >                 print "Used ipset sets:\n"; > > -               print "@ipset_used_sets\n\n"; > > +               print "@sets\n\n"; > >         } > > + > > +       # Return the array of sets. > > +       return @sets; > >  } > >   > >  sub ipset_restore ($) { > > @@ -1089,6 +1094,9 @@ sub ipset_call_restore ($) { > >  } > >   > >  sub ipset_cleanup () { > > +       # Reload the array of used sets. > > +       @ipset_used_sets = &ipset_get_sets(); > > + > >         # Loop through the array of used sets. > >         foreach my $set (@ipset_used_sets) { > >                 # Check if this set is still in use.