bugzilla-daemon at netfilter.org
2024-Apr-20 23:20 UTC
[Bug 1750] New: 'ipset save' does not save in format loadable by systemd (it saves in 'ipset list' format)
https://bugzilla.netfilter.org/show_bug.cgi?id=1750
Bug ID: 1750
Summary: 'ipset save' does not save in format loadable by
systemd (it saves in 'ipset list' format)
Product: ipset
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: default
Assignee: netfilter-buglog at lists.netfilter.org
Reporter: drankinatty at gmail.com
Created attachment 741
--> https://bugzilla.netfilter.org/attachment.cgi?id=741&action=edit
ipset save output snippet from '# ipset save'
This is a bug report submitted at the request of Archlinux to ipset upstream.
See corresponding Archlinux issue:
https://gitlab.archlinux.org/archlinux/packaging/packages/ipset/-/issues/2
The current problem is simple. The `ipset save' command is not provided the
'save' format that is loadable by systemd when the system is started.
Instead,
it 'ipset save' mirrors the format provided by `ipset list'` which
cannot be
loaded by systemd to restore the ipsets at boot (or iptables stop/start, etc..)
This does not match the documentation provided in man 8 ipset. There is a
rather odd workaround that can produce the proper save format. That is to use
the command:
ipset -o save save > /etc/ipset.conf
To say it is rather confusing to have to use `ipset -o save save' instead of
the documented 'ipset save' (or to derive that workaround from the man
page) is
an understatement. Sample output for the current 'ipset save' and the
correct
output produced by 'ipset -o save save' is provided in the Archlinux
gitlab
issue and an example is provided as an attachment here.
The bug is fairly self-explanatory. The 'ipset save' format wire got
somehow
crossed with the 'ipset list' format wire and that prevents 'ipset
save' from
outputting the proper format that can be used to create and restore the ipsets
on start.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20240420/cd786795/attachment.html>
bugzilla-daemon at netfilter.org
2024-Apr-21 10:16 UTC
[Bug 1750] 'ipset save' does not save in format loadable by systemd (it saves in 'ipset list' format)
https://bugzilla.netfilter.org/show_bug.cgi?id=1750
Jozsef Kadlecsik <kadlec at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |kadlec at netfilter.org
Resolution|--- |FIXED
--- Comment #1 from Jozsef Kadlecsik <kadlec at netfilter.org> ---
It was fixed in ipset 7.21, please see changelog for example here:
https://ipset.netfilter.org/changelog.html
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20240421/2b8c48ff/attachment.html>
bugzilla-daemon at netfilter.org
2024-Apr-21 10:30 UTC
[Bug 1750] 'ipset save' does not save in format loadable by systemd (it saves in 'ipset list' format)
https://bugzilla.netfilter.org/show_bug.cgi?id=1750
Phil Sutter <phil at nwl.cc> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |phil at nwl.cc
--- Comment #2 from Phil Sutter <phil at nwl.cc> ---
For the record, the fixing commit is:
commit 2024f63f774be32abcf8992f4dc28754990558a1
Author: Jozsef Kadlecsik <kadlec at netfilter.org>
Date: Sat Feb 3 21:49:48 2024 +0100
The "Fix hex literals in json output" broke save mode, restore it
Signed-off-by: Jozsef Kadlecsik <kadlec at netfilter.org>
So please ask Arch maintainers to either rebase to 7.21 or backport above fix.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20240421/281a3e79/attachment.html>
bugzilla-daemon at netfilter.org
2024-Apr-22 03:41 UTC
[Bug 1750] 'ipset save' does not save in format loadable by systemd (it saves in 'ipset list' format)
https://bugzilla.netfilter.org/show_bug.cgi?id=1750 --- Comment #3 from drankinatty at gmail.com --- Thank you guys for the quick fix. Keep up the great work! -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20240422/6b17df36/attachment.html>
Reasonably Related Threads
- [Bug 1081] New: /tmp/ccKT2Q7s.o: In function `help': ipset.c:(.text+0x27c): undefined reference to `ipset_envopts'
- [Bug 880] New: ipset doesn't refresh the timeout for an existing entry when the table is FULL.
- [Bug 719] New: ipset restore fails randomly
- [Bug 1369] New: ipset save|list -sorted sorts alphabetically instead of naturally
- [Bug 1719] New: ipset wrongly blocking undefined ranges and not blocking ranges that are defined