From mboxrd@z Thu Jan  1 00:00:00 1970
From: Rob Brewer <ipfire-devel@grantura.co.uk>
To: development@lists.ipfire.org
Subject: Re: Duplicate ipsets listed with Locationblock changes.
Date: Thu, 09 Jun 2022 09:21:51 +0100
Message-ID: <t7saiv$81m$1@tuscan3.grantura.co.uk>
In-Reply-To: <e63ed50d071e8a0089b0f482e0ce5558dbf92eaa.camel@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5784021983865977967=="
List-Id: <development.lists.ipfire.org>

--===============5784021983865977967==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

Hi Stefaan,

On Wednesday 08 June 2022 20:32 Stefan Schantl wrote:

> Hello Rob,
> 
> a big thanks for testing and reporting this issue here.
> 
> The main problem has been fixed a while a ago and also merged into next
> and the current master branch. So this should be a part of the
> upcomming core update.
> 
> After a deeper look I've found that the "rules.pl" file is currently
> not shiiped by C168 so the fix would not deplyed.

I suspected it was a problem in the 'ipset_restore' function of rules.pl but 
didn't delve too deeply, so I'm pleased you have a fix already.

As a workround I have managed the number of county codes blocked to be an 
even number (excluding the  A1, A2, A3, and XD country codes), which seems 
to prevent duplicate ipsets being generated.

> 
> @Peter: Please add this file to the C168 filelist.
> 
> A big thanks in advance,
> 

I'm pleased I can be of some help.

> -Stefan

Rob

>> Hi All,
>> 
>> The tests below were made on my 'Testing' APU4 using CU 168 but as
>> Adolf has
>> found was identified as CU 167 in the GUI. However I am listing
>> duplicate
>> ipsets on my production 'Stable' APU4 with CU 167 installed.
>> 
>> Rob
>> 
>> On Tuesday 07 June 2022 15:51 Rob Brewer wrote:
>> 
>> > If I list the installed ipsets with 'ipset -n list' additional
>> > ipsets with
>> > the suffix 'v4' are sometimes listed. From what I can see this
>> > additional
>> > 'v4' list is the same size as the set without the 'v4' extension.
>> > 
>> > For instance: with just code AR selected with location-block.cgi:
>> > 
>> > [root(a)ipfire-dev2 ~]# ipset -n list
>> > ARv4
>> > AR
>> > (code AR id duplicated)
>> > 
>> > if I add code AT to AR and list the sets:
>> > [root(a)ipfire-dev2 ~]# ipset -n list
>> > AT
>> > AR
>> > (as expected)
>> > 
>> > and now add code AW to the other 2:
>> > [root(a)ipfire-dev2 ~]# ipset -n list
>> > ARv4
>> > AT
>> > AR
>> > ATv4
>> > AW
>> > (now codes AR and AT are duplicated)
>> > 
>> > I see this effect on both my core 167 boxes and wasn't aware of
>> > this
>> > problem before my upgrade from core 161.
>> > 
>> > Rob
>>


--===============5784021983865977967==--