From 3d8868807506331a1c4fe160748fa0635bac2a95 Mon Sep 17 00:00:00 2001
From: Stefan Schantl
Date: Mon, 14 Feb 2022 19:42:48 +0100
Subject: [PATCH] rules.pl: Destroy all ipset lists on rule reload.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Signed-off-by: Stefan Schantl
Reviewed-by: Peter Müller
---
 config/firewall/rules.pl | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index f685d08a7f..da01b87750 100644
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -31,6 +31,7 @@ require "${General::swroot}/location-functions.pl";
 my $DEBUG = 0;
 my $IPTABLES = "iptables --wait";
+my $IPSET = "ipset";
 # iptables chains
 my $CHAIN_INPUT = "INPUTFW";
@@ -114,6 +115,9 @@ sub main {
 # Flush all chains.
 &flush();
+ # Destroy all existing ipsets.
+ run("$IPSET destroy");
+
 # Prepare firewall rules.
 if (! -z "${General::swroot}/firewall/input"){
 &buildrules(\%configinputfw);
-- 
2.39.5
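Review bot: The new `run("$IPSET destroy");` call in `main` ignores whatever result `run()` reports, and a nameless `ipset destroy` is refused by the kernel while any set is still referenced by an iptables rule. Whether `&flush()` clears every chain that matches on a set cannot be seen from this hunk (both `flush` and `run` are defined outside it, and `main` continues past it); if it does not, the stale sets and their members would survive the reload without any visible error. The call also removes sets created by anything else on the system, not only those this script builds. I would state the precondition in the comment, e.g. `# Destroy all existing ipsets; this only succeeds once no rule references a set, so flush() must run first.`, and log a failure if `run()` exposes the exit status.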