update-firewall maybe should run update-ipset
If you drop something into /etc/firewall/blocked... and then expect that update-firewall will put it into place, you would be wrong and confused that your new IP/netblock is not listed anywhere. You actually need to run update-ipset to get it added to the ipset.
I think it's fine to have to run update-ipset, but then one needs to write a separate handler for running that, if one remembers that one needs to run that more specific command, when update-firewall kind of feels intuitively the one you would run to get that updated.
It's pretty minor, I just got bit by this twice, and had to remember that I needed to run update-ipset instead of update-firewall, and now that I've run into it twice, maybe I won't again. Besides, running update-firewall might be more churn than necessary when you just want to update the ipset?
I leave this here for you to decide if it's worth doing or not.