From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH 04/12] rules.pl: Destroy all ipset lists on rule reload.
Date: Mon, 14 Feb 2022 21:02:54 +0000
Message-ID: <b2b0175a-1c90-9012-f134-de89bc20db70@ipfire.org>
In-Reply-To: <20220214184257.2406-4-stefan.schantl@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============8319270500744037414=="
List-Id: <development.lists.ipfire.org>

--===============8319270500744037414==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>

> Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
> ---
>  config/firewall/rules.pl | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
> index f685d08a7..da01b8775 100644
> --- a/config/firewall/rules.pl
> +++ b/config/firewall/rules.pl
> @@ -31,6 +31,7 @@ require "${General::swroot}/location-functions.pl";
>  my $DEBUG = 0;
>  
>  my $IPTABLES = "iptables --wait";
> +my $IPSET = "ipset";
>  
>  # iptables chains
>  my $CHAIN_INPUT           = "INPUTFW";
> @@ -114,6 +115,9 @@ sub main {
>  	# Flush all chains.
>  	&flush();
>  
> +	# Destroy all existing ipsets.
> +	run("$IPSET destroy");
> +
>  	# Prepare firewall rules.
>  	if (! -z  "${General::swroot}/firewall/input"){
>  		&buildrules(\%configinputfw);

--===============8319270500744037414==--