thr3ads.net - netfilter buglog - [Bug 733] New: ipset restore won't restore from output of ipset save [Aug 2011]

If this information is useful, please help other people find it:
Share via:

bugzilla-daemon at bugzilla.netfilter.org

2011-Aug-02 10:06 UTC

[Bug 733] New: ipset restore won't restore from output of ipset save

http://bugzilla.netfilter.org/show_bug.cgi?id=733

           Summary: ipset restore won't restore from output of ipset save
           Product: ipset
           Version: unspecified
          Platform: All
        OS/Version: Debian GNU/Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: default
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: francis.turner.threatstop at gmail.com
   Estimated Hours: 0.0





-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.

bugzilla-daemon at bugzilla.netfilter.org

2011-Aug-02 10:10 UTC

head link

[Bug 733] ipset restore won't restore from output of ipset save

http://bugzilla.netfilter.org/show_bug.cgi?id=733





--- Comment #1 from Francis Turner <francis.turner.threatstop at
gmail.com>  2011-08-02 12:10:13 ---
Description appears blank - not sure why. reposting description here
(In reply to comment #0)> 
Using ipset 6.0 kernel 6 on vyatta 6.3 SE (a debian derivative) the following
output can be created using ipset save:

vyatta at vyatta:~$ sudo ipset save  >ipset.out 
vyatta at vyatta:~$ cat ipset.out 
create TSallowaddrnew hash:ip family inet hashsize 1024 maxelem 65536 
add TSallowaddrnew 64.87.26.147
create TSblocknetnew hash:net family inet hashsize 1024 maxelem 65536 
add TSblocknetnew 169.254.0.0/16
create TSallownetnew hash:net family inet hashsize 1024 maxelem 65536 
add TSallownetnew 24.249.204.0/29
create TSblockaddrnew hash:ip family inet hashsize 1024 maxelem 65536 
add TSblockaddrnew 0.0.0.1

when attempting to restore it the following errors are reported:
vyatta at vyatta:~$ sudo ipset restore <ipset.out 
ipset v6.0: Error in line 3: Syntax error: protocol family may not be specified
multiple times


if you pipe the output through sort -r then it works
i.e. ipset -S | sort -r >ipset.out
ipset -R <ipset.out

or
ipset -S >ipset.out
sort -r  <ipset.out | ipset -R

the sort works because ir puts all the create lines before the add lines

vyatta at vyatta:~$ sort -r <ipset.out                     
create TSblocknetnew hash:net family inet hashsize 1024 maxelem 65536 
create TSblockaddrnew hash:ip family inet hashsize 1024 maxelem 65536 
create TSallownetnew hash:net family inet hashsize 1024 maxelem 65536 
create TSallowaddrnew hash:ip family inet hashsize 1024 maxelem 65536 
add TSblocknetnew 169.254.0.0/16
add TSblockaddrnew 0.0.0.1
add TSallownetnew 24.249.204.0/29
add TSallowaddrnew 64.87.26.147

Vyatta/linux kernel/ipset versions


vyatta at vyatta:~$ show version
Version:      VSE6.3-2011.07.21
Description:  Vyatta Subscription Edition 6.3 2011.07.21
Copyright:    2006-2011 Vyatta, Inc.
Built by:     autobuild at vyatta.com
Built on:     Thu Jul 21 06:05:29 UTC 2011
Build ID:     1107210624-d7a3790
System type:  Intel 32bit Virtual
Boot via:     image
Hypervisor:   VirtualBox
Uptime:       10:04:14 up 11 min,  1 user,  load average: 0.00, 0.01, 0.03

vyatta at vyatta:~$ uname -a
Linux vyatta 2.6.37-1-586-vyatta-virt #1 SMP Thu Jul 7 22:30:24 PDT 2011 i686
GNU/Linux
vyatta at vyatta:~$ sudo ipset -v
ipset v6.0, protocol version: 6


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.

bugzilla-daemon at bugzilla.netfilter.org

2011-Aug-10 09:48 UTC

head link

[Bug 733] ipset restore won't restore from output of ipset save

http://bugzilla.netfilter.org/show_bug.cgi?id=733


Jan Engelhardt <jengelh at medozas.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jengelh at medozas.de
         AssignedTo|netfilter-                  |kadlec at netfilter.org
                   |buglog at lists.netfilter.org  |




-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.

bugzilla-daemon at bugzilla.netfilter.org

2011-Aug-10 12:23 UTC

head link

[Bug 733] ipset restore won't restore from output of ipset save

http://bugzilla.netfilter.org/show_bug.cgi?id=733


Jozsef Kadlecsik <kadlec at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED




--- Comment #2 from Jozsef Kadlecsik <kadlec at netfilter.org>  2011-08-10
14:23:25 ---
The restore bug was fixed in ipset 6.6. Please upgrade to the newest version.


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

Reasonably Related Threads

Search for more apparently analagous threads

netfilter buglog - Aug 2011 - [Bug 733] New: ipset restore won't restore from output of ipset save

[Bug 733] New: ipset restore won't restore from output of ipset save

[Bug 733] ipset restore won't restore from output of ipset save

[Bug 733] ipset restore won't restore from output of ipset save

[Bug 733] ipset restore won't restore from output of ipset save

Reasonably Related Threads