From: Stefan Schantl
Date: Mon, 14 Feb 2022 18:42:48 +0000 (+0100)
Subject: rules.pl: Destroy all ipset lists on rule reload.
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3d8868807506331a1c4fe160748fa0635bac2a95;p=people%2Fms%2Fipfire-2.x.git
rules.pl: Destroy all ipset lists on rule reload.
Signed-off-by: Stefan Schantl
Reviewed-by: Peter Müller
---
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index f685d08a7f..da01b87750 100644
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -31,6 +31,7 @@ require "${General::swroot}/location-functions.pl";
 my $DEBUG = 0;
 my $IPTABLES = "iptables --wait";
+my $IPSET = "ipset";
 # iptables chains
 my $CHAIN_INPUT = "INPUTFW";
@@ -114,6 +115,9 @@ sub main {
 # Flush all chains.
 &flush();
+ # Destroy all existing ipsets.
+ run("$IPSET destroy");
+
 # Prepare firewall rules.
 if (! -z "${General::swroot}/firewall/input"){
 &buildrules(\%configinputfw);
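Review bot: The added `run("$IPSET destroy");` in main() names no set, so it removes every ipset on the host, and ipset does nothing at all if any set is still referenced by a rule; the hunk does not show whether run() reports a non-zero exit, so a failed destroy may pass silently and leave stale sets behind the rebuilt rules. The call depends on the preceding `&flush();` having dropped every rule that references a set, and that ordering deserves a comment such as `# Must follow flush(): ipset will not destroy a set that a rule still references.` If other components on the system create their own sets, consider destroying only the sets this script owns instead. main() starts and ends outside the hunk, so flush() and run() could not be checked here.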