问题描述

如下，初始创建了若干个set，每个set下若干条目，

[email protected]:~# cat /etc/ipset.conf
add private-nets-set 172.31.0.0/16

create private-hosts-set hash:ip family inet hashsize 1024 maxelem 65536
add private-hosts-set 172.31.94.229

create output-host-port-set hash:ip,port family inet hashsize 1024 maxelem 65536
add output-host-port-set 172.31.94.229,tcp:80

维护/etc/ipset.conf文件，并调用ipset restore命令应用它，

发现 172.31.94.228,tcp:80 这条原来已有的条目并未被移除。查看ipset restore手册：

问题解决

ipset swap可以将两个set的内容交换。

因此可以创建临时set，将期望的条目创建好，然后让其与正式set交换即可。

[email protected]:~# cat /etc/ipset.conf
create private-nets-set     hash:net family inet hashsize 1024 maxelem 65536
create private-nets-set-tmp hash:net family inet hashsize 1024 maxelem 65536
destroy private-nets-set-tmp
create private-nets-set-tmp hash:net family inet hashsize 1024 maxelem 65536
add private-nets-set-tmp 172.31.0.0/16
swap private-nets-set-tmp private-nets-set
destroy private-nets-set-tmp

create private-hosts-set     hash:ip family inet hashsize 1024 maxelem 65536
create private-hosts-set-tmp hash:ip family inet hashsize 1024 maxelem 65536
destroy private-hosts-set-tmp
create private-hosts-set-tmp hash:ip family inet hashsize 1024 maxelem 65536
add private-hosts-set-tmp 172.31.94.229
swap private-hosts-set-tmp private-hosts-set
destroy private-hosts-set-tmp

create output-host-port-set     hash:ip,port family inet hashsize 1024 maxelem 65536
create output-host-port-set-tmp hash:ip,port family inet hashsize 1024 maxelem 65536
destroy output-host-port-set-tmp
create output-host-port-set-tmp hash:ip,port family inet hashsize 1024 maxelem 65536
add output-host-port-set-tmp 172.31.94.229,tcp:80
swap output-host-port-set-tmp output-host-port-set
destroy output-host-port-set-tmp

执行ipset restore看前后效果，