I have an ipset in-use for my firewall. It was created using set-type "nethash". Turns-out this list will only contain individual ip addresses, making set-type "iphash" more efficient (per man page, anyway).
I tried swapping the current list with a new one with the correct set-type, but this is apparently not allowed.
I also tried deleting the current list to recreate it with the different settings, but it is in-use by my firewall (as it should be).
Is there a way to force --swap an ipset? Or is there a way to change an existing set to a new set-type? I haven't been able to find a way.
Thanks.
Asked by user440618
(111 rep)
Nov 5, 2020, 02:58 PM