Description of problem:
After creating a firewalld ipset using --new-ipset in permanent mode and a subsequent service start and stop, the defined ipset remains active in the kernel and is visible via ipset list.
The behaviour is the same if the iptables or nftables backend is used.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
firewall-cmd --new-ipset fwdset --permanent --type hash:ip
firewall-cmd --ipset fwdset --permanent --add-entry 192.0.2.10
restart firewalld and stop it
ipset list still shows 'fwdset' and its entry
ipset remains in memory
any additional entries are wiped upon service start
ipset is destroyed like in previous versions?
81d784f8c856 ("test: ipset: verify clean up on exit/reload")
f5ed30ce7175 ("fix: ipset: destroy runtime sets on reload/stop")
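A check for the reproduction steps above, added here as an example (not code from firewalld or from this report): it compares the set names the kernel reports with the sets defined in firewalld's permanent configuration and lists any that survived a stop. The function names and sample listings are constructed for illustration; it assumes `ipset list -n` and `firewall-cmd --permanent --get-ipsets` are available on the host.

```shell
#!/bin/sh
# Added example; function and variable names are hypothetical.

# leftover_sets KERNEL_SETS FIREWALLD_SETS
# Both arguments are whitespace- or newline-separated set names.
# Prints, one per line, every firewalld-defined set that is still in the kernel.
# Names are compared exactly, so "fwdset2" does not count as "fwdset".
leftover_sets() {
    kernel_sets=$1
    firewalld_sets=$2
    for fw in $firewalld_sets; do
        for k in $kernel_sets; do
            if [ "$k" = "$fw" ]; then
                printf '%s\n' "$fw"
                break
            fi
        done
    done
}

# check_after_stop FIREWALLD_SETS
# Run as root once firewalld has been stopped. Returns 1 if any of the given
# sets is still present in the kernel, 0 if all of them were destroyed.
check_after_stop() {
    left=$(leftover_sets "$(ipset list -n)" "$1")
    if [ -n "$left" ]; then
        printf 'still in kernel after stop: %s\n' $left
        return 1
    fi
    return 0
}

# Live use on a test host:
#   sets=$(firewall-cmd --permanent --get-ipsets)   # while firewalld is running
#   systemctl stop firewalld
#   check_after_stop "$sets"

# Constructed sample data (not captured from a real host).
SAMPLE_FIREWALLD_SETS="fwdset"
# Kernel listing as described in the report: the set survives the stop.
SAMPLE_KERNEL_UNFIXED="fwdset
othertool_set"
# Kernel listing once runtime sets are destroyed on stop.
SAMPLE_KERNEL_FIXED="othertool_set"
```

Sets created by other tools (here the constructed `othertool_set`) are ignored, so the check only flags sets that firewalld itself defined.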
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (firewalld bug fix and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.