[Bug 733] ipset restore won't restore from output of ipset save

bugzilla-daemon at bugzilla.netfilter.org
Tue Aug 2 12:10:14 CEST 2011


http://bugzilla.netfilter.org/show_bug.cgi?id=733





--- Comment #1 from Francis Turner <francis.turner.threatstop at gmail.com>  2011-08-02 12:10:13 ---
Description appears blank - not sure why. reposting description here
(In reply to comment #0)
> 

Using ipset 6.0 kernel 6 on vyatta 6.3 SE (a debian derivative) the following
output can be created using ipset save:

vyatta at vyatta:~$ sudo ipset save  >ipset.out 
vyatta at vyatta:~$ cat ipset.out 
create TSallowaddrnew hash:ip family inet hashsize 1024 maxelem 65536 
add TSallowaddrnew 64.87.26.147
create TSblocknetnew hash:net family inet hashsize 1024 maxelem 65536 
add TSblocknetnew 169.254.0.0/16
create TSallownetnew hash:net family inet hashsize 1024 maxelem 65536 
add TSallownetnew 24.249.204.0/29
create TSblockaddrnew hash:ip family inet hashsize 1024 maxelem 65536 
add TSblockaddrnew 0.0.0.1

when attempting to restore it the following errors are reported:
vyatta at vyatta:~$ sudo ipset restore <ipset.out 
ipset v6.0: Error in line 3: Syntax error: protocol family may not be specified multiple times


if you pipe the output through sort -r then it works
i.e. ipset -S | sort -r >ipset.out
ipset -R <ipset.out

or
ipset -S >ipset.out
sort -r  <ipset.out | ipset -R

the sort works because it puts all the create lines before the add lines

vyatta at vyatta:~$ sort -r <ipset.out                     
create TSblocknetnew hash:net family inet hashsize 1024 maxelem 65536 
create TSblockaddrnew hash:ip family inet hashsize 1024 maxelem 65536 
create TSallownetnew hash:net family inet hashsize 1024 maxelem 65536 
create TSallowaddrnew hash:ip family inet hashsize 1024 maxelem 65536 
add TSblocknetnew 169.254.0.0/16
add TSblockaddrnew 0.0.0.1
add TSallownetnew 24.249.204.0/29
add TSallowaddrnew 64.87.26.147

Vyatta/linux kernel/ipset versions


vyatta at vyatta:~$ show version
Version:      VSE6.3-2011.07.21
Description:  Vyatta Subscription Edition 6.3 2011.07.21
Copyright:    2006-2011 Vyatta, Inc.
Built by:     autobuild at vyatta.com
Built on:     Thu Jul 21 06:05:29 UTC 2011
Build ID:     1107210624-d7a3790
System type:  Intel 32bit Virtual
Boot via:     image
Hypervisor:   VirtualBox
Uptime:       10:04:14 up 11 min,  1 user,  load average: 0.00, 0.01, 0.03

vyatta at vyatta:~$ uname -a
Linux vyatta 2.6.37-1-586-vyatta-virt #1 SMP Thu Jul 7 22:30:24 PDT 2011 i686 GNU/Linux
vyatta at vyatta:~$ sudo ipset -v
ipset v6.0, protocol version: 6


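The `sort -r` workaround in the comment above relies on `create` sorting after `add` in reverse lexical order, and it discards the original order of the lines. As an added example (not part of the original comment and not ipset's own code), the shell functions below do the same reordering as a stable partition and flag a dump in which a `create` follows an `add`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: helpers for the dump format shown in the report.

# reorder_ipset_dump: read an `ipset save` dump on stdin and write it to
# stdout with every "create" line first, keeping the original relative
# order inside each group (stable, unlike `sort -r`).
reorder_ipset_dump() {
    awk '
        $1 == "create" { print; next }      # set definitions go out at once
        NF             { rest[++n] = $0 }   # hold every other non-blank line
        END            { for (i = 1; i <= n; i++) print rest[i] }
    '
}

# check_creates_first: exit non-zero and name the line if a "create"
# appears after an "add", the layout the report says restore rejects.
check_creates_first() {
    awk '
        $1 == "add"             { added = 1 }
        $1 == "create" && added { printf "line %d: create after add\n", NR; bad = 1 }
        END                     { exit bad + 0 }
    '
}

# sample_dump: the eight lines of ipset.out copied from the report.
sample_dump() {
    cat <<'EOF'
create TSallowaddrnew hash:ip family inet hashsize 1024 maxelem 65536
add TSallowaddrnew 64.87.26.147
create TSblocknetnew hash:net family inet hashsize 1024 maxelem 65536
add TSblocknetnew 169.254.0.0/16
create TSallownetnew hash:net family inet hashsize 1024 maxelem 65536
add TSallownetnew 24.249.204.0/29
create TSblockaddrnew hash:ip family inet hashsize 1024 maxelem 65536
add TSblockaddrnew 0.0.0.1
EOF
}

# Intended use on an affected system (not run here):
#   ipset save | reorder_ipset_dump > ipset.out
#   check_creates_first < ipset.out && ipset restore < ipset.out
```

Run on the sample, `check_creates_first` reports line 3, the same line the `ipset restore` error in the report points at.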