[CentOS] Bug in init scripts for ipset?

[Tony Mountifield]

I've just started experimenting with ipset under CentOS 6, and have
found what appears to be a bug (or poor design) in the init scripts
for ipset, /etc/rc.d/init.d/ipset

In stop(), save() and status(), it does lsmod to check for the
existence of the ip_set module. If the module is not found, it
exits without performing any action.

This doesn't take account of a kernel where the ip_set code is compiled
in instead of being a loadable module. An example would be my CentOS 6
virtual machine at Linode. It has a Linode-compiled kernel 4.1.0 with
no separately-loaded modules. It certainly supports ipset, as I have
successfully tried some test rules. However, I wondered why giving the
command "service ipset save" didn't result in /etc/sysconfig/ipset being
written, and discovered the cause I described above.

Surely there should be a better way of determining whether the kernel
includes ipset support than just looking for a module?

Cheers
Tony
-- 
Tony Mountifield
Work: t...@softins.co.uk - http://www.softins.co.uk
Play: t...@mountifield.org - http://tony.mountifield.org
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Bug in init scripts for ipset?

[Jonathan Billings]

On Thu, Sep 24, 2015 at 02:43:42PM +, Tony Mountifield wrote:
> I've just started experimenting with ipset under CentOS 6, and have
> found what appears to be a bug (or poor design) in the init scripts
> for ipset, /etc/rc.d/init.d/ipset

I suggest filing a bug against RHEL6 in https://bugzilla.redhat.com/
if you think it needs to be fixed.  CentOS just rebuilds the RHEL
sources. 

-- 
Jonathan Billings 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos