The array of used/loaded ipsets needs to be reloaded before the cleanup can be started to also handle sets which are loaded during runtime.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
---
config/firewall/rules.pl | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index 649bd49f0..799b2667d 100644
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -137,7 +137,7 @@ undef (@dummy);
sub main { # Get currently used ipset sets.
- &ipset_get_sets();
+ @ipset_used_sets = &ipset_get_sets();
# Flush all chains. &flush();
@@ -993,6 +993,8 @@ sub firewall_chain_exists ($) { }
sub ipset_get_sets () {
+ my @sets;
+
# Get all currently used ipset lists and store them in an array. my @output = `$IPSET -n list`;
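Review bot: The `my @output` line in ipset_get_sets shells out to $IPSET -n list and never looks at `$?`, so a failed or missing ipset call looks exactly like "no sets loaded". After this commit the return value is assigned over @ipset_used_sets in main and again in ipset_cleanup (the @@ -137 and @@ -1089 hunks), so a failed listing at cleanup time empties the array and the cleanup loop quietly has nothing to iterate. A check directly after the backtick line would make that visible, for example `warn "ipset list failed (status $?)\n" if $? != 0;`. The function body continues in the next hunk and the lines between the two hunks are not shown.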
@@ -1002,14 +1004,17 @@ sub ipset_get_sets () { chomp($set);
# Add the set the array of used sets.
- push(@ipset_used_sets, $set);
+ push(@sets, $set);
}
# Display used sets in debug mode. if($DEBUG) { print "Used ipset sets:\n";
- print "@ipset_used_sets\n\n";
+ print "@sets\n\n";
}
+
+ # Return the array of sets.
+ return @sets;
}
sub ipset_restore ($) {
@@ -1089,6 +1094,9 @@ sub ipset_call_restore ($) { }
sub ipset_cleanup () {
+ # Reload the array of used sets.
+ @ipset_used_sets = &ipset_get_sets();
+
# Loop through the array of used sets. foreach my $set (@ipset_used_sets) { # Check if this set is still in use.
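Review bot: The reload in ipset_cleanup writes into the file-wide @ipset_used_sets instead of a lexical, so running cleanup replaces the snapshot that main took at startup as a side effect. If nothing reads that array after cleanup (this cannot be confirmed from the hunk), a local list states the intent more directly: `my @current_sets = &ipset_get_sets();` followed by `foreach my $set (@current_sets) {`. The loop body continues outside the hunk.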
Hello Stefan,
thank you for submitting this.
Is this an important fix that has to go into Core Update 167? Or can it wait until the next Core Update?
Thanks, and best regards, Peter Müller
The array of used/loaded ipsets needs to be reloaded before the cleanup can be started to also handle sets which are loaded during runtime.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
config/firewall/rules.pl | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl index 649bd49f0..799b2667d 100644 --- a/config/firewall/rules.pl +++ b/config/firewall/rules.pl @@ -137,7 +137,7 @@ undef (@dummy);
sub main { # Get currently used ipset sets.
- &ipset_get_sets();
@ipset_used_sets = &ipset_get_sets();
# Flush all chains. &flush();
@@ -993,6 +993,8 @@ sub firewall_chain_exists ($) { }
sub ipset_get_sets () {
- my @sets;
- # Get all currently used ipset lists and store them in an array. my @output = `$IPSET -n list`;
@@ -1002,14 +1004,17 @@ sub ipset_get_sets () { chomp($set);
# Add the set the array of used sets.
push(@ipset_used_sets, $set);
push(@sets, $set);
}
# Display used sets in debug mode. if($DEBUG) { print "Used ipset sets:\n";
print "@ipset_used_sets\n\n";
}print "@sets\n\n";
- # Return the array of sets.
- return @sets;
}
sub ipset_restore ($) { @@ -1089,6 +1094,9 @@ sub ipset_call_restore ($) { }
sub ipset_cleanup () {
- # Reload the array of used sets.
- @ipset_used_sets = &ipset_get_sets();
- # Loop through the array of used sets. foreach my $set (@ipset_used_sets) { # Check if this set is still in use.
Hello Peter,
Hello Stefan,
thank you for submitting this.
Is this an important fix that has to go into Core Update 167? Or can it wait until the next Core Update?
This is not an urgent fix, we are fine to ship it with C168.
Best regards,
-Stefan
Thanks, and best regards, Peter Müller
The array of used/loaded ipsets needs to be reloaded before the cleanup can be started to also handle sets which are loaded during runtime.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
config/firewall/rules.pl | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index 649bd49f0..799b2667d 100644
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -137,7 +137,7 @@ undef (@dummy);
sub main { # Get currently used ipset sets.
- &ipset_get_sets();
+ @ipset_used_sets = &ipset_get_sets();
# Flush all chains. &flush();
@@ -993,6 +993,8 @@ sub firewall_chain_exists ($) { }
sub ipset_get_sets () {
+ my @sets;
# Get all currently used ipset lists and store them in an array. my @output = `$IPSET -n list`;
@@ -1002,14 +1004,17 @@ sub ipset_get_sets () { chomp($set);
# Add the set the array of used sets.
- push(@ipset_used_sets, $set);
+ push(@sets, $set);
}
# Display used sets in debug mode. if($DEBUG) { print "Used ipset sets:\n";
- print "@ipset_used_sets\n\n";
+ print "@sets\n\n";
}
+ # Return the array of sets.
+ return @sets;
}
sub ipset_restore ($) {
@@ -1089,6 +1094,9 @@ sub ipset_call_restore ($) { }
sub ipset_cleanup () {
+ # Reload the array of used sets.
+ @ipset_used_sets = &ipset_get_sets();
# Loop through the array of used sets. foreach my $set (@ipset_used_sets) { # Check if this set is still in use.
Acked-by: Peter Müller peter.mueller@ipfire.org
The array of used/loaded ipsets needs to be reloaded before the cleanup can be started to also handle sets which are loaded during runtime.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
config/firewall/rules.pl | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl index 649bd49f0..799b2667d 100644 --- a/config/firewall/rules.pl +++ b/config/firewall/rules.pl @@ -137,7 +137,7 @@ undef (@dummy);
sub main { # Get currently used ipset sets.
- &ipset_get_sets();
@ipset_used_sets = &ipset_get_sets();
# Flush all chains. &flush();
@@ -993,6 +993,8 @@ sub firewall_chain_exists ($) { }
sub ipset_get_sets () {
- my @sets;
- # Get all currently used ipset lists and store them in an array. my @output = `$IPSET -n list`;
@@ -1002,14 +1004,17 @@ sub ipset_get_sets () { chomp($set);
# Add the set the array of used sets.
push(@ipset_used_sets, $set);
push(@sets, $set);
}
# Display used sets in debug mode. if($DEBUG) { print "Used ipset sets:\n";
print "@ipset_used_sets\n\n";
}print "@sets\n\n";
- # Return the array of sets.
- return @sets;
}
sub ipset_restore ($) { @@ -1089,6 +1094,9 @@ sub ipset_call_restore ($) { }
sub ipset_cleanup () {
- # Reload the array of used sets.
- @ipset_used_sets = &ipset_get_sets();
- # Loop through the array of used sets. foreach my $set (@ipset_used_sets) { # Check if this set is still in use.