IPSET create exists issue

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* IPSET create exists issue
@ 2025-03-26  8:55 Rob Bloemers
  2025-03-26 11:24 ` Jozsef Kadlecsik
  0 siblings, 1 reply; 3+ messages in thread
From: Rob Bloemers @ 2025-03-26  8:55 UTC (permalink / raw)
  To: netfilter-devel

Hi Netfilter,

Hope this is the correct list to email, else I’m eager to hear which route to take.

Using netfilter-persistent package on ubuntu an iptables restart gives error when reloading iptables and a ipset already exists. Afaics -exist ought to work, but it still returns error code 1 and systemctl perceives this as an error.

/usr/share/netfilter-persistent/plugins.d/10-ipset start

Which runs: ipset restore -exist < /etc/iptables/ipset 
Still returns: ipset v7.15: Error in line 1: Set cannot be created: set with the same name already exists

ipset restore -exist < /etc/iptables/ipsets                                                              
ipset v7.15: Error in line 1: Set cannot be created: set with the same name already exists

ipset create -exist vxs hash:ip family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x9bb42fcc
ipset v7.15: Set cannot be created: set with the same name already exists

Also when directly using ipset create / restore I get an error where I expected it to be quiet because of the -exist.

Looking forward to your reply,
Respectfully 
Rob Bloemers

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: IPSET create exists issue
  2025-03-26  8:55 IPSET create exists issue Rob Bloemers
@ 2025-03-26 11:24 ` Jozsef Kadlecsik
  2025-04-02  8:37   ` Rob Bloemers
  0 siblings, 1 reply; 3+ messages in thread
From: Jozsef Kadlecsik @ 2025-03-26 11:24 UTC (permalink / raw)
  To: Rob Bloemers; +Cc: netfilter-devel

[-- Attachment #1: Type: text/plain, Size: 1443 bytes --]

Hi,

On Wed, 26 Mar 2025, Rob Bloemers wrote:

> Hope this is the correct list to email, else I’m eager to hear which 
> route to take.
> 
> Using netfilter-persistent package on ubuntu an iptables restart gives 
> error when reloading iptables and a ipset already exists. Afaics -exist 
> ought to work, but it still returns error code 1 and systemctl perceives 
> this as an error.
> 
> /usr/share/netfilter-persistent/plugins.d/10-ipset start
> 
> Which runs: ipset restore -exist < /etc/iptables/ipset 
> Still returns: ipset v7.15: Error in line 1: Set cannot be created: set 
> with the same name already exists
> 
> ipset restore -exist < /etc/iptables/ipsets                                                              
> ipset v7.15: Error in line 1: Set cannot be created: set with the same 
> name already exists
> 
> ipset create -exist vxs hash:ip family inet hashsize 1024 maxelem 65536 
> bucketsize 12 initval 0x9bb42fcc
> ipset v7.15: Set cannot be created: set with the same name already 
> exists

What is the definition of the already existing set? If it differs from the 
one above, then the command fails even with the -exist flag specified: the 
set definitions must be identical.

Best regards,
Jozsef
-- 
E-mail : kadlec@netfilter.org, kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.hu
Address: Wigner Research Centre for Physics
         H-1525 Budapest 114, POB. 49, Hungary

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: IPSET create exists issue
  2025-03-26 11:24 ` Jozsef Kadlecsik
@ 2025-04-02  8:37   ` Rob Bloemers
  0 siblings, 0 replies; 3+ messages in thread
From: Rob Bloemers @ 2025-04-02  8:37 UTC (permalink / raw)
  To: Jozsef Kadlecsik; +Cc: netfilter-devel

Hi Jozsef,

Thanks for your reply again, you were correct the definition was changed, not exactly the same. The stored value missed the timeout 

Kind Regards
Rob Bloemers


> On 26 Mar 2025, at 12:24, Jozsef Kadlecsik <kadlec@netfilter.org> wrote:
> 
> Hi,
> 
> On Wed, 26 Mar 2025, Rob Bloemers wrote:
> 
>> Hope this is the correct list to email, else I’m eager to hear which 
>> route to take.
>> 
>> Using netfilter-persistent package on ubuntu an iptables restart gives 
>> error when reloading iptables and a ipset already exists. Afaics -exist 
>> ought to work, but it still returns error code 1 and systemctl perceives 
>> this as an error.
>> 
>> /usr/share/netfilter-persistent/plugins.d/10-ipset start
>> 
>> Which runs: ipset restore -exist < /etc/iptables/ipset 
>> Still returns: ipset v7.15: Error in line 1: Set cannot be created: set 
>> with the same name already exists
>> 
>> ipset restore -exist < /etc/iptables/ipsets                                                              
>> ipset v7.15: Error in line 1: Set cannot be created: set with the same 
>> name already exists
>> 
>> ipset create -exist vxs hash:ip family inet hashsize 1024 maxelem 65536 
>> bucketsize 12 initval 0x9bb42fcc
>> ipset v7.15: Set cannot be created: set with the same name already 
>> exists
> 
> What is the definition of the already existing set? If it differs from the 
> one above, then the command fails even with the -exist flag specified: the 
> set definitions must be identical.
> 
> Best regards,
> Jozsef
> -- 
> E-mail : kadlec@netfilter.org, kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.hu
> Address: Wigner Research Centre for Physics
>         H-1525 Budapest 114, POB. 49, Hungary



^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2025-04-02  8:38 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-03-26  8:55 IPSET create exists issue Rob Bloemers
2025-03-26 11:24 ` Jozsef Kadlecsik
2025-04-02  8:37   ` Rob Bloemers

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).