Hi Jozsef, Thanks for your reply again, you were correct the definition was changed, not exactly the same. The stored value missed the timeout Kind Regards Rob Bloemers > On 26 Mar 2025, at 12:24, Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx> wrote: > > Hi, > > On Wed, 26 Mar 2025, Rob Bloemers wrote: > >> Hope this is the correct list to email, else I’m eager to hear which >> route to take. >> >> Using netfilter-persistent package on ubuntu an iptables restart gives >> error when reloading iptables and a ipset already exists. Afaics -exist >> ought to work, but it still returns error code 1 and systemctl perceives >> this as an error. >> >> /usr/share/netfilter-persistent/plugins.d/10-ipset start >> >> Which runs: ipset restore -exist < /etc/iptables/ipset >> Still returns: ipset v7.15: Error in line 1: Set cannot be created: set >> with the same name already exists >> >> ipset restore -exist < /etc/iptables/ipsets >> ipset v7.15: Error in line 1: Set cannot be created: set with the same >> name already exists >> >> ipset create -exist vxs hash:ip family inet hashsize 1024 maxelem 65536 >> bucketsize 12 initval 0x9bb42fcc >> ipset v7.15: Set cannot be created: set with the same name already >> exists > > What is the definition of the already existing set? If it differs from the > one above, then the command fails even with the -exist flag specified: the > set definitions must be identical. > > Best regards, > Jozsef > -- > E-mail : kadlec@xxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxx > Address: Wigner Research Centre for Physics > H-1525 Budapest 114, POB. 49, Hungary
