[Bug 788] New: Allow saving to/restoring from a file without shell redirection

bugzilla-daemon at bugzilla.netfilter.org
Fri May 18 11:49:50 CEST 2012


http://bugzilla.netfilter.org/show_bug.cgi?id=788

           Summary: Allow saving to/restoring from a file without shell
                    redirection
           Product: ipset
           Version: unspecified
          Platform: x86_64
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: default
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: bochecha at fedoraproject.org
   Estimated Hours: 0.0


In some environments, you don't have access to a full shell with input/output
redirection.

For those cases, being able to specify the file name on the command line would
be very useful, e.g. something like:
    $ ipset save -of /etc/ipset/ipset.save
    $ ipset restore -if /etc/ipset/ipset.save

-----

One such environment is systemd. I'm maintaining the ipset package in Fedora,
and it would be nice to provide users a way to have their ipsets automatically
restored at boot time, and saved at shutdown.

In systemd, a unit file provides a command line to run in order to start or
stop the service with the ExecStart and ExecStop directives.

However, there's no input/output redirection available in systemd, so I can't
use:
    ExecStart=/usr/bin/ipset restore < /etc/ipset/ipset.save
    ExecStop=/usr/bin/ipset save > /etc/ipset/ipset.save

One solution is to use instead:
    ExecStart=/bin/sh -c "/usr/bin/ipset restore < /etc/ipset/ipset.save"
    ExecStop=/bin/sh -c "/usr/bin/ipset save > /etc/ipset/ipset.save"

But that's just ugly, and it means we fork a shell process just for the
redirection.

Another way is to use a wrapper script, something like (untested):
    #!/bin/bash

    # Wrapper so that systemd can run ipset save/restore with file redirection.
    if [ "$1" = "restore" ]; then
        /usr/bin/ipset restore < /etc/ipset/ipset.save
    elif [ "$1" = "save" ]; then
        /usr/bin/ipset save > /etc/ipset/ipset.save
    else
        echo "Invalid parameter: $1" >&2
        exit 1
    fi

    exit 0

And then use:
    ExecStart=/path/to/wrapper-script restore
    ExecStop=/path/to/wrapper-script save

It's more elegant in the systemd service file, but we still introduce a new
bash process just for the redirection.

It would be much cleaner and more efficient to have an option to specify the
input/output file in ipset.

That's the systemd use case, but I'm sure there might be other cases where such
an option would be desirable.

-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.
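
A hardened variant of the wrapper-script workaround from the report above, as an added example that is not part of the original bug report or of ipset. It goes beyond the report's script by saving to a temporary file and renaming it, so a failed `ipset save` at shutdown cannot truncate the last good file, and by passing ipset's exit status back to systemd. The function names and the `IPSET_BIN`/`IPSET_FILE` override variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the bug report). IPSET_BIN and IPSET_FILE are
# hypothetical overrides; the defaults are the paths used in the report.
IPSET_BIN="${IPSET_BIN:-/usr/bin/ipset}"
IPSET_FILE="${IPSET_FILE:-/etc/ipset/ipset.save}"

ipset_save() {
    # A plain "ipset save > file" truncates the file before ipset runs, so a
    # failure leaves an empty save file. Write to a temp file in the same
    # directory (mktemp creates it with mode 0600) and rename on success.
    tmp=$(mktemp "${IPSET_FILE}.XXXXXX") || return 1
    if "$IPSET_BIN" save > "$tmp"; then
        mv -f "$tmp" "$IPSET_FILE"
    else
        rc=$?
        rm -f "$tmp"
        return "$rc"
    fi
}

ipset_restore() {
    # Fail with a clear message instead of a shell redirection error.
    if [ ! -r "$IPSET_FILE" ]; then
        echo "Cannot read $IPSET_FILE" >&2
        return 1
    fi
    "$IPSET_BIN" restore < "$IPSET_FILE"
}

ipset_wrapper() {
    # Only the two fixed actions are accepted; nothing from the caller is
    # ever used as a path or passed on to ipset.
    case "$1" in
        save)    ipset_save ;;
        restore) ipset_restore ;;
        *)       echo "Invalid parameter: $1" >&2; return 2 ;;
    esac
}

# Run only when called with an argument, e.g. from ExecStart= or ExecStop=.
if [ "$#" -gt 0 ]; then ipset_wrapper "$@"; fi
```

Because the function's return value becomes the script's exit status, systemd sees a failed save or restore as a failed unit action rather than a success.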