NetFilter
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ipset] Minor non-blocking "sleep" bugs

from [Ismaël BALLO] [Permanent Link][Original]
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Subject: Re: [ipset] Minor non-blocking "sleep" bugs
From: Ismaël BALLO <isma.ballo@gmail.com>
Date: Thu, 29 Mar 2007 22:01:36 +0200
Cc: netfilter@lists.netfilter.org
Delivered-to: sp-com-lists@consult.net
Delivered-to: netfilter-list1@securepoint.com
In-reply-to: <Pine.LNX.4.64.0703291957540.14898@blackhole.kfki.hu>
List-archive: </pipermail/netfilter>
List-help: <mailto:netfilter-request@lists.netfilter.org?subject=help>
List-id: General discussion and user questions <netfilter.lists.netfilter.org>
List-post: <mailto:netfilter@lists.netfilter.org>
List-subscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
List-unsubscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
References: <513bde910703270005q2fe38dddp6ed5a4233a2c1c5d@mail.gmail.com> <513bde910703270656k3125b5bl1c20d063c622e45a@mail.gmail.com> <Pine.LNX.4.64.0703281855530.13447@blackhole.kfki.hu> <513bde910703290616t5f0b4b92m1caedb1da3dcddfc@mail.gmail.com> <Pine.LNX.4.64.0703291957540.14898@blackhole.kfki.hu>
Reply-to: isma.ballo@gmail.com
Sender: netfilter-bounces@lists.netfilter.org
User-agent: Thunderbird 1.5.0.10 (Windows/20070221) 
Jozsef Kadlecsik a écrit :

Hi,

On Thu, 29 Mar 2007, Ismaël BALLO wrote:


The compilation fails unless you put
u_int32_t  min_ip, max_ip; (instead of  __be32 )
in  KERNEL_DIR/ include/linux/netfilter_ipv4/ipt_iprange.h


That's an independent problem, not related to ipset ;-).

Ok.



When I want to flush and delete all rules.
(after ipset -U :all: :all: ; ipset -F ; ipset -X and iptables -D <on
appropriate rules using sets >)

Sometimes, references stays on some sets.
The order is important: you cannot destroy a set if you haven't deleted previously the iptables rule referencing the set. 


Sorru,  you're right.( I've written too quick ..)
But the problem is still there

1 - iptables -D <on all appropriate rules using sets > ...
2 - ipset -U :all: :all: ; ipset -F ; ipset -X

Sometimes, there still exists references.
How can we see them ?Is there a way to flush them ?

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ipset] Minor non-blocking "sleep" bugs, Jozsef Kadlecsik
Next by Date:  Re: stateful UDP with unknown source port on INPUT?, Martijn Lievaart
Previous by Thread:  Re: [ipset] Minor non-blocking "sleep" bugs, Jozsef Kadlecsik
Next by Thread:  Re: [ipset] Minor non-blocking "sleep" bugs, Jozsef Kadlecsik
Indexes:  [Date] [Thread] [Top] [All Lists]