The array of used/loaded ipsets needs to be reloaded before the cleanup can be started to also handle sets which are loaded during runtime.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org --- config/firewall/rules.pl | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl index 649bd49f0..799b2667d 100644 --- a/config/firewall/rules.pl +++ b/config/firewall/rules.pl @@ -137,7 +137,7 @@ undef (@dummy);
sub main { # Get currently used ipset sets. - &ipset_get_sets(); + @ipset_used_sets = &ipset_get_sets();
# Flush all chains. &flush(); @@ -993,6 +993,8 @@ sub firewall_chain_exists ($) { }
sub ipset_get_sets () { + my @sets; + # Get all currently used ipset lists and store them in an array. my @output = `$IPSET -n list`;
@@ -1002,14 +1004,17 @@ sub ipset_get_sets () { chomp($set);
# Add the set the array of used sets. - push(@ipset_used_sets, $set); + push(@sets, $set); }
# Display used sets in debug mode. if($DEBUG) { print "Used ipset sets:\n"; - print "@ipset_used_sets\n\n"; + print "@sets\n\n"; } + + # Return the array of sets. + return @sets; }
sub ipset_restore ($) { @@ -1089,6 +1094,9 @@ sub ipset_call_restore ($) { }
sub ipset_cleanup () { + # Reload the array of used sets. + @ipset_used_sets = &ipset_get_sets(); + # Loop through the array of used sets. foreach my $set (@ipset_used_sets) { # Check if this set is still in use.