airdogvan
commented
3 years ago Ok forget about it, ipset flush does flush the set, the reference in iptables remains but as there's nothing in the set, no damage done. And it also means that your script can be run daily.
Unless I don't understand correctly running the provided script is going to add all list entries >? to ipsum.
This list being updated regularly if I run the script today and then again tomorrow doesn't this add again ALL entries to ipsum, making double, and the following day triple, etc entries?
So again, unless I'm missing something, for this to be always up to date on my server there would need to be a script that runs a diff between newly downloaded file and the one downloaded the previous day and extract new entries that then would be added to ipsum.
Otherwise after a few weeks this list will be obsolete and useless.
I noticed the ipset -q flush ipsum but I thought that if the rules were used by iptables (iptables -I INPUT -m set --match-set ipsum src -j DROP) the ipset would NOT be flushed.
Please correct me if I'm wrong.