Hi.

I wanted to use ipset (ipset v6.11, protocol version: 6) to load its sets from a cluster-wide distributed file, e.g. at boot, or every time that file changes.

Now unfortunately it seems that ipset restore doesn't work as e.g. iptables restore does and seems to me therefore pretty much useless.

ipset restore < file gives me errors about the sets already existing, but even with -exist it doesn't help a lot, because entries removed from the file are not removed from the actual ipsets.

So it seems as if ipset restore is not what the manpage describes (restore a session) but rather an additive merge of another session to the current one. Of course I understand that it could not delete sets which are in use, but at least it could empty them.

Now when I use the following instead:

    ipset flush
    ipset destroy
    ipset restore < file

to first flush all entries possibly no longer in the current version of file and to destroy all sets that got removed and that are no longer used... and only then reload the rules.... I have of course some time where even the sets that are in use are empty... and my connections will fail.

So is there some workaround or how is the whole thing intended to be used?

Thanks,
Chris.
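One way to avoid the empty-set window described in the message, as an added example that is not part of the original post: rewrite the file so each set is rebuilt under a scratch name and exchanged with the live set using ipset's swap command, then feed the result to restore with -exist. The function names, the "-new" suffix and the sample data are assumptions made for this example; sets that were dropped from the file are not destroyed by it.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads an "ipset save"-style file on stdin and writes a restore script that
# fills a scratch set per live set and swaps it in, so a set referenced by
# iptables is never empty during a reload.
# Assumption: "<set>-new" is unused and fits the set-name length limit.
atomic_restore_script() {
    awk '
    $1 == "create" {
        name = $2; tmp = name "-new"; spec = ""
        for (i = 3; i <= NF; i++) spec = spec " " $i
        # The live set must exist before swap; with -exist this is a no-op
        # when an identical set is already there.
        print "create " name spec
        # Scratch set: create it, then flush leftovers from a failed run.
        print "create " tmp spec
        print "flush " tmp
        order[++n] = name
        next
    }
    $1 == "add" {
        # Send every entry to the scratch set instead of the live one.
        $2 = $2 "-new"
        print
        next
    }
    END {
        # swap exchanges the contents of the two sets in one step; the old
        # entries land in the scratch set, which is then destroyed.
        for (i = 1; i <= n; i++) {
            print "swap " order[i] "-new " order[i]
            print "destroy " order[i] "-new"
        }
    }'
}

# Constructed sample input (documentation address ranges), for illustration.
sample_save() {
    cat <<'EOF'
create web hash:ip family inet
add web 192.0.2.10
add web 192.0.2.11
create nets hash:net family inet
add nets 198.51.100.0/24
EOF
}

# Typical use (file path is a placeholder):
#   atomic_restore_script < FILE | ipset -exist restore
```

swap only works between sets of compatible type, so a set whose type changed in the file still has to be replaced by hand.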