From 4a94fcfa0450b653c579118678da409b0f449259 Mon Sep 17 00:00:00 2001 From: Eric Garver Date: Tue, 12 May 2020 09:34:12 -0400 Subject: [PATCH 23/45] fix(ipset): flush the set if IndividiualCalls=yes Make sure we flush the set when creating. Otherwise a pre-existing set may have stale entries. Fixes: 81d784f8c856 ("test: ipset: verify clean up on exit/reload") (cherry picked from commit fab381045990f1c994d60c3f7c5813c576e60af1) (cherry picked from commit a512e55190210ecba57f0ccfda88d39ac3151d13) --- src/firewall/core/fw_ipset.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/firewall/core/fw_ipset.py b/src/firewall/core/fw_ipset.py index 68f016ba2222..90b24c6264c0 100644 --- a/src/firewall/core/fw_ipset.py +++ b/src/firewall/core/fw_ipset.py @@ -117,6 +117,11 @@ class FirewallIPSet(object): # no entries visible for ipsets with timeout continue + try: + backend.set_flush(obj.name) + except Exception as msg: + raise FirewallError(errors.COMMAND_FAILED, msg) + for entry in obj.entries: try: backend.set_add(obj.name, entry) -- 2.27.0