* IPSET create exists issue
From: Rob Bloemers @ 2025-03-26 8:55 UTC (permalink / raw)
To: netfilter-devel
Hi Netfilter,

Hope this is the correct list to email, else I’m eager to hear which route to take.

Using the netfilter-persistent package on Ubuntu, an iptables restart gives an error when reloading iptables and an ipset already exists. Afaics -exist ought to work, but it still returns error code 1 and systemctl perceives this as an error.

/usr/share/netfilter-persistent/plugins.d/10-ipset start

Which runs: ipset restore -exist < /etc/iptables/ipset
Still returns: ipset v7.15: Error in line 1: Set cannot be created: set with the same name already exists

ipset restore -exist < /etc/iptables/ipsets
ipset v7.15: Error in line 1: Set cannot be created: set with the same name already exists

ipset create -exist vxs hash:ip family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x9bb42fcc
ipset v7.15: Set cannot be created: set with the same name already exists

Also when directly using ipset create / restore I get an error where I expected it to be quiet because of the -exist.

Looking forward to your reply,
Respectfully
Rob Bloemers
* Re: IPSET create exists issue
From: Jozsef Kadlecsik @ 2025-03-26 11:24 UTC (permalink / raw)
To: Rob Bloemers; +Cc: netfilter-devel
Hi,
On Wed, 26 Mar 2025, Rob Bloemers wrote:
> Hope this is the correct list to email, else I’m eager to hear which
> route to take.
>
> Using netfilter-persistent package on ubuntu an iptables restart gives
> error when reloading iptables and a ipset already exists. Afaics -exist
> ought to work, but it still returns error code 1 and systemctl perceives
> this as an error.
>
> /usr/share/netfilter-persistent/plugins.d/10-ipset start
>
> Which runs: ipset restore -exist < /etc/iptables/ipset
> Still returns: ipset v7.15: Error in line 1: Set cannot be created: set
> with the same name already exists
>
> ipset restore -exist < /etc/iptables/ipsets
> ipset v7.15: Error in line 1: Set cannot be created: set with the same
> name already exists
>
> ipset create -exist vxs hash:ip family inet hashsize 1024 maxelem 65536
> bucketsize 12 initval 0x9bb42fcc
> ipset v7.15: Set cannot be created: set with the same name already
> exists
What is the definition of the already existing set? If it differs from the
one above, then the command fails even with the -exist flag specified: the
set definitions must be identical.
Best regards,
Jozsef
--
E-mail : kadlec@netfilter.org, kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.hu
Address: Wigner Research Centre for Physics
H-1525 Budapest 114, POB. 49, Hungary
* Re: IPSET create exists issue
From: Rob Bloemers @ 2025-04-02 8:37 UTC (permalink / raw)
To: Jozsef Kadlecsik; +Cc: netfilter-devel
Hi Jozsef,
Thanks for your reply again. You were correct: the definition was changed, not exactly the same. The stored value missed the timeout.
Kind Regards
Rob Bloemers
> On 26 Mar 2025, at 12:24, Jozsef Kadlecsik <kadlec@netfilter.org> wrote:
>
> Hi,
>
> On Wed, 26 Mar 2025, Rob Bloemers wrote:
>
>> Hope this is the correct list to email, else I’m eager to hear which
>> route to take.
>>
>> Using netfilter-persistent package on ubuntu an iptables restart gives
>> error when reloading iptables and a ipset already exists. Afaics -exist
>> ought to work, but it still returns error code 1 and systemctl perceives
>> this as an error.
>>
>> /usr/share/netfilter-persistent/plugins.d/10-ipset start
>>
>> Which runs: ipset restore -exist < /etc/iptables/ipset
>> Still returns: ipset v7.15: Error in line 1: Set cannot be created: set
>> with the same name already exists
>>
>> ipset restore -exist < /etc/iptables/ipsets
>> ipset v7.15: Error in line 1: Set cannot be created: set with the same
>> name already exists
>>
>> ipset create -exist vxs hash:ip family inet hashsize 1024 maxelem 65536
>> bucketsize 12 initval 0x9bb42fcc
>> ipset v7.15: Set cannot be created: set with the same name already
>> exists
>
> What is the definition of the already existing set? If it differs from the
> one above, then the command fails even with the -exist flag specified: the
> set definitions must be identical.
>
> Best regards,
> Jozsef
> --
> E-mail : kadlec@netfilter.org, kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.hu
> Address: Wigner Research Centre for Physics
> H-1525 Budapest 114, POB. 49, Hungary
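
An added example, not part of the original thread and not code from ipset or netfilter-persistent: a shell check that compares a saved `create` line with the live set's, option by option, to surface the kind of mismatch Jozsef describes before running `ipset restore -exist`. The sample definitions and the `timeout 300` value are constructed, and the textual comparison is an assumption that may be stricter than the check ipset itself applies.

```shell
#!/bin/sh
# Added example: find differences between a saved and a live ipset definition.

# Print the "create <set> ..." line for one set from save/restore text on stdin.
create_line() {
    awk -v set="$1" '$1 == "create" && $2 == set { print; exit }'
}

# Compare two create lines option by option.
# Prints one line per difference; returns 0 if identical, 1 otherwise.
definition_drift() {
    awk -v saved="$1" -v live="$2" '
    function parse(line, opts,    f, n, i) {
        n = split(line, f, " ")
        opts["type"] = f[3]
        for (i = 4; i <= n; i++) {
            # Flag options take no value; every other option is "name value".
            if (f[i] ~ /^(counters|comment|skbinfo|forceadd)$/) opts[f[i]] = "set"
            else { opts[f[i]] = f[i + 1]; i++ }
        }
    }
    BEGIN {
        split("", s); split("", l)
        parse(saved, s); parse(live, l)
        for (k in s) {
            if (!(k in l)) { print "only in saved file: " k " " s[k]; d = 1 }
            else if (s[k] != l[k]) { print "differs: " k " saved=" s[k] " live=" l[k]; d = 1 }
        }
        for (k in l) if (!(k in s)) { print "only in live set: " k " " l[k]; d = 1 }
        exit d + 0
    }'
}

# Constructed sample input: the saved definition from the thread, and a live
# set that also carries a timeout (the value 300 is made up).
SAVED_TEXT='create vxs hash:ip family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x9bb42fcc
add vxs 192.0.2.10'
LIVE_TEXT='create vxs hash:ip family inet hashsize 1024 maxelem 65536 timeout 300 bucketsize 12 initval 0x9bb42fcc'

# On a real host the two inputs would come from (SAVED_FILE is a placeholder):
#   saved=$(create_line vxs < "$SAVED_FILE")
#   live=$(ipset save vxs | create_line vxs)
saved=$(printf '%s\n' "$SAVED_TEXT" | create_line vxs)
live=$(printf '%s\n' "$LIVE_TEXT" | create_line vxs)
definition_drift "$saved" "$live" || echo "definitions differ: restore -exist would fail"
```
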