-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 12/02/2016 08:45 AM, Brian J. Murrell wrote: > On Wed, 2016-11-30 at 13:58 -0800, Tom Eastep wrote: >> >> This is the same behavior as on Shorewall and Shorewall6. If you >> have SAVE_IPSETS configured and you want to restore an old config >> with the firewall running, > > Is the point here to prevent overwriting the current ipsets with > old ones? >
The point is that the old ipset may have a different definition (set type and/or options). Because the set it in-use, it cannot be deleted and re-created with the correct type and options. This problem is solvable using the 'ipset rename' command, but the possible failure cases are somewhat daunting to handle. - -Tom - -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJYQbTtAAoJEJbms/JCOk0QEpYQAMN94AOGNmhMrt1rj4HSQsr5 BTekOXILo6z6H4JJvfOCdXpVyRgyketudGe8KELyJyl2iiE8vrD2MxCe77pE0KJ+ XbnEdJXqFgkSKRwhLznFXJjeHV4A9GarIZU4gF+0MibCFlfkbW5w8JFq0+QJPyOa Ggyuw3flAYvscOFRjXMxx62UsoEhb8PxgFN7GYu/z9D0aqss58weaIa0fhFb0J6k 8jg5I4/XlPVDxGGRf2NhWEad15lygrU/jZmKZGIX5AoPNvDBcEjVAHyDT12ChSWN V8uiPDPSp5ciOwmB1NALgIWPZb2AieD6Dr9VnlqxsogwUkUZsfSAj0vK3x/T1OUh GTcQfHgY7z3zFEPbk41Po0M11Ttcb6i3s5WDBNqWkLRmi9nyD9lnS/2kj7g37AvI +kQu1bzGbOO8Wp1Yq0T6ecqp02rswr44j974lindzSnqw/2UWnd1gzfNKY6CJRFI /jCw8rRbbjnMLbsWlEq89boLGIscZKM1G3/3lpPQLi2f7x6NYPE15LDSZFlRBL++ zQx9WRr0UiAQpZtD5Bx4nmp1B2x2RC2tmD4l1yzrTT315zS5kc4yCLmN7bQiUnrt rTpzNHhe9lblI8dm4UIpJ2qQgwkbcwe0hUQiK5LEKzRB9+fLzbFchjXHzP0FLmpB RoEDmryKWvTmarp6A37Z =v2lO -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
