if there's saved configuration and ipset service was started, flushing ipset configuration followed by saving yields no results and returns exit code 0.

the quiet success of saving actually does not copy loaded configuration to saved configuration for future reloads. the end result is thus not the same as if there was any configuration present.

There is a simply solution for this:

ipset.start-stop:
-    [[ -z $(${IPSET_BIN} list -name) ]] && return 0
+    if [[ -z $(${IPSET_BIN} list -name) ]]; then
+       if [[ -f $IPSET_DATA ]]; then
+           mv $IPSET_DATA $IPSET_DATA.save && chmod 600 $IPSET_DATA.save \
+                   || return 1
+       fi
+       return 0
+    fi

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:1904