What's new

How to create a persistent ipset ?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Denna

Senior Member
I'm trying to create a persistent ipset that is regularly backed up with a cron job.

The problem I'm running into is testing whether or not the "ipset restore" restore file exists.

Step 1
If the restore file doesn't exist, create the file: /path/LIST.sav with the following contents:

create LIST hash:ip family inet hashsize 1024 maxelem 65536 timeout 600
Step 2
If the restore file does exist, run the following command.

ipset restore < /path/LIST.sav
Solution:
Code:
if [ -s /path/LIST.sav ]
then
     ipset restore < /path/LIST.sav
else
     echo 'create LIST hash:ip family inet hashsize 1024 maxelem 65536 timeout 600' > /path/LIST.sav
     ipset restore < /path/LIST.sav
fi
Is there a better way to write this ?
 
Look at the file test operators here:
http://tldp.org/LDP/abs/html/fto.html

With
Code:
if [ -s /path/LIST.sav ]
You check if the file exists and is not empty. This is handy if you want to know if there is content in it.
If the file is empty it will return false, else true. Even a single space in the file will return as true.
Use the -f switch, this checks if the file physically exists and will return true or false.

So if the file does not exist:
Code:
if [ -f /path/LIST.sav ]
will will return false and will run your else code.

You can reverse that check with a NOT like this:
Code:
if ! [ -f /path/LIST.sav ]
Now if the file does not exist it returns true and your first code will run:
Code:
ipset restore < /path/LIST.sav

Now, to write to a file: > writes and overwrites a file, while >> appends to an existing file at the end.
So you'd need to do this:
Code:
if ! [ -f /path/LIST.sav ]
then
    ipset restore > /path/LIST.sav
to save it if the file does not exist.
If the file exists it will run your else function and restore it from file.
Of course, if you prefer you can still use the -s switch instead of the -f for the file check. It works both ways the same.
 
Now, to write to a file: > writes and overwrites a file, while >> appends to an existing file at the end.
So you'd need to do this:

Denna was actually right in their usage of the ipset restore command. (it feeds the data to stdin)

Code:
ipset restore < /path/LIST.sav

Which is also the same as;

Code:
ipset restore -f /path/LIST.sav


But to answer the OP's question, the only thing I'd possibly change is to use the built in IPSet commands to create the set vs echoing text to a file, your way isn't wrong, but its probably a "cleaner" solution. Then you can save it via;

Code:
ipset --save LIST > /path/LIST.sav
 
Last edited:
@Adamm I talk about the save to file part, not the restore.
 
I see now what OP wants, ignore what I posted.
 
@Adamm and @thelonelycoder,

Thanks for the help.​

Changed the command to:
Code:
ipset restore -f /path/LIST.sav
Why does the save command need the "--" prefix, but not the restore command ?​
 
@Adamm and @thelonelycoder,

Thanks for the help.​

Changed the command to:
Code:
ipset restore -f /path/LIST.sav
Why does the save command need the "--" prefix, but not the restore command ?​

Good question, I never really looked into it, turns out they can be used with or without --
 
Good question, I never really looked into it, turns out they can be used with or without --
Is that the long explicit switch, while -s could do something else, given the parameter/path?
curl, wget and others have them for specific purposes.
 
Is that the long explicit switch, while -s could do something else, given the parameter/path?
curl, wget and others have them for specific purposes.

Looked into it, the -- is for backwards compatibility with ipset 4.5 and lower as most commands changed during the rewrite. Both have identical functionality though on v6.x
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top