[Bug 1405670] Re: iptables-persistent lacks support for ipset
** Changed in: iptables-persistent (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1405670 Title: iptables-persistent lacks support for ipset To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1405670/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1405670] Re: iptables-persistent lacks support for ipset
** Changed in: iptables-persistent (Debian) Status: Incomplete => Fix Released
[Bug 1405670] Re: iptables-persistent lacks support for ipset
Latest version in Debian has support to save/restore ipsets, please test and report any bugs! thanks
[Bug 1405670] Re: iptables-persistent lacks support for ipset
A good ipset plugin for netfilter-persistent: https://github.com/jordanrinke/ipsets-persistent
[Bug 1405670] Re: iptables-persistent lacks support for ipset
** Changed in: iptables-persistent (Debian) Status: New => Incomplete
[Bug 1405670] Re: iptables-persistent lacks support for ipset
Unfortunately, this isn't as easy as it seems. iptables save/restore have very different semantics from ipset save/restore. iptables starts from an empty state and loads the specified rules. ipset on the other hand starts from the *CURRENT* state. At system boot time, this will be empty, so you will need to create ipsets and then populate them. Loading new rules errors out if you try to create a set that exists, destroy a set that either doesn't exist or is referenced by iptables, swap sets with one that doesn't exist, or rename to one that does exist.

The right solution feels like making it like iptables restore where it populates rules and then swaps them into place, or changing semantics so that you have things like "destroy if exists" and have "save" emit that. Or "swap or rename" so that you could populate rules and then put them in place.

My current plan is to make an /etc/ipset.d directory, and have files in there that do the delete or create and ignore them if they already exist. One file for each rule to make a known state, then the file that loads from the known state.
[Bug 1405670] Re: iptables-persistent lacks support for ipset
FYI: Here's what I've ended up doing, and I create files for "00-flush", 2 files that are "01-create-servers.ignore" and "01-create-x-servers.ignore", then a "50-rules" that populates "x-servers" and swaps it to "servers", then destroys x-servers.

** Attachment added: "upstart file for loading ipset rules." https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1405670/+attachment/4457433/+files/ipset.conf
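The create, populate, swap, destroy sequence described in the comment above, written as a generator for an `ipset restore` script. This is an added example, not part of the thread and not the attached upstart file; the `hash:ip` set type and the member addresses are constructed, and it relies on ipset's `-exist` option in place of the commenter's ".ignore" files.

```shell
#!/bin/sh
# Added example: emit an `ipset restore` script that loads cleanly whether
# or not the sets already exist. Set names follow the comment above
# ("servers" is live, "x-servers" is staging); the set type and the
# member addresses are constructed for illustration.

# gen_ipset_swap LIVE SETTYPE   (members on stdin, one per line)
gen_ipset_swap() {
    live=$1
    settype=$2
    tmp="x-$live"
    # Both sets must exist before "swap". Loaded with -exist, a create of
    # an identical, already existing set is ignored instead of aborting.
    printf 'create %s %s\n' "$live" "$settype"
    printf 'create %s %s\n' "$tmp" "$settype"
    # The staging set may hold leftovers from an interrupted run.
    printf 'flush %s\n' "$tmp"
    while IFS= read -r member; do
        # Skip blank lines and comments in the member list.
        case $member in ''|'#'*) continue ;; esac
        printf 'add %s %s\n' "$tmp" "$member"
    done
    # iptables rules that reference LIVE see the new contents in one step.
    printf 'swap %s %s\n' "$tmp" "$live"
    # After the swap the staging name holds the old contents and is not
    # referenced by any rule, so it can be destroyed.
    printf 'destroy %s\n' "$tmp"
}

# Constructed sample member list (documentation address range).
sample_members() {
    printf '%s\n' '# web tier' '192.0.2.10' '' '192.0.2.11'
}

# Print the script; on a real host, pipe it to: ipset -exist restore
sample_members | gen_ipset_swap servers hash:ip
```

`-exist` only tolerates a create whose type and parameters match the existing set, so a set that already exists with a different type still makes the restore fail.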
[Bug 1405670] Re: iptables-persistent lacks support for ipset
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: iptables-persistent (Ubuntu) Status: New => Confirmed
[Bug 1405670] Re: iptables-persistent lacks support for ipset
** Bug watch added: Debian Bug tracker #693177 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693177

** Also affects: iptables-persistent (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693177 Importance: Unknown Status: Unknown
[Bug 1405670] Re: iptables-persistent lacks support for ipset
** Changed in: iptables-persistent (Debian) Status: Unknown => New