Update `ipset` example

[neon-dev]

The ipset script looked to be designed so that it could be executed repeatedly without issues, due to the flush statement and -q parameters. However, doing so would generate duplicate iptables entries and temporarily disable the blocklist while new IPs were being fetched. The new script solves these issues and uses apt-get to avoid a CLI warning when executed from cron.

If this new example script is too complex I would instead suggest removing the ipset -q flush ipsum line and make it more clear that it's not a ready-to-deploy script.

PS: Thanks for your work and the constant updates, greatly appreciated.

[neon-dev]

@stamparm I think something went wrong or did you not want to update the readme with the latest force-push?

[stamparm]

@neon-dev repository is force cleaned each 24h, to prevent the build up of data (because of diffs). please write here what you wanted to suggest

[neon-dev]

Yes I know, that's why I expected your latest force-push would include some changes in the readme, but it didn't. This is the change I proposed: https://github.com/neon-dev/ipsum/commit/66afab0bf698bc66e1a81b5013fb29c2402bee9a

[stamparm]

can you please elaborate: However, doing so would generate duplicate iptables entries?

also, i don't see any issue in temporarily disable the blocklist while new IPs were being fetched, so will just ignore that part TBH

[stamparm]

it is clear enough from the following that it's not a ready-to-deploy script.:

[neon-dev]

can you please elaborate

Of course: It will only happen if you run the commands more than once, since iptables -I will insert a new rule each time. And because of the reasons I explained in the PR description, to me the script implied it should be safe to execute it multiple times.

[stamparm]

with latest revision:

[neon-dev]

Looks good, thanks 👍