Hi,
On Wed, 26 Mar 2025, Rob Bloemers wrote:
> Hope this is the correct list to email, else I’m eager to hear which
> route to take.
>
> Using netfilter-persistent package on ubuntu an iptables restart gives
> error when reloading iptables and a ipset already exists. Afaics -exist
> ought to work, but it still returns error code 1 and systemctl perceives
> this as an error.
>
> /usr/share/netfilter-persistent/plugins.d/10-ipset start
>
> Which runs: ipset restore -exist < /etc/iptables/ipset
> Still returns: ipset v7.15: Error in line 1: Set cannot be created: set
> with the same name already exists
>
> ipset restore -exist < /etc/iptables/ipsets
> ipset v7.15: Error in line 1: Set cannot be created: set with the same
> name already exists
>
> ipset create -exist vxs hash:ip family inet hashsize 1024 maxelem 65536
> bucketsize 12 initval 0x9bb42fcc
> ipset v7.15: Set cannot be created: set with the same name already
> exists
What is the definition of the already existing set? If it differs from the
one above, then the command fails even with the -exist flag specified: the
set definitions must be identical.
Best regards,
Jozsef
--
E-mail : kadlec@xxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxx
Address: Wigner Research Centre for Physics
H-1525 Budapest 114, POB. 49, Hungary
