From: Stefan Schantl Date: Fri, 11 Feb 2022 20:25:50 +0000 (+0100) Subject: rules.pl: Destroy all ipset lists on rule reload. X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=365f4b477b1a39cff07e6c74e0b3bf38c83a83d0;p=people%2Fstevee%2Fipfire-2.x.git rules.pl: Destroy all ipset lists on rule reload. Signed-off-by: Stefan Schantl
---
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index f685d08a7f..da01b87750 100644
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -31,6 +31,7 @@ require "${General::swroot}/location-functions.pl";
 
 my $DEBUG = 0;
 my $IPTABLES = "iptables --wait";
+my $IPSET = "ipset";
 
 # iptables chains
 my $CHAIN_INPUT = "INPUTFW";
@@ -114,6 +115,9 @@ sub main {
 # Flush all chains.
 &flush();
 
+ # Destroy all existing ipsets.
+ run("$IPSET destroy");
+
 # Prepare firewall rules.
 if (! -z "${General::swroot}/firewall/input"){
 &buildrules(\%configinputfw);
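Review bot: The `run("$IPSET destroy");` call added in `main` depends on running after `&flush();`, and nothing in the hunk records that ordering or says what happens when the destroy fails. ipset refuses to destroy a set that a rule still references, so a set referenced from a chain that flush() does not clear would make the call fail and, as far as I know, leave all sets in place. I would state the constraint in the comment, e.g. `# Destroy all existing ipsets; must follow flush(), a set still referenced by a rule cannot be destroyed.`, and confirm that run() (defined outside this hunk) reports a non-zero exit status so a failed destroy is logged instead of silently leaving stale sets for the rebuilt rules. main's body continues past the end of the hunk.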