Do not invoke update-ipset from update-firewall

A model where the two are completely independent is simpler to manage. The systemd unit will call update-ipset first, followed by update-firewall.

Do not invoke update-ipset from update-firewall
4bea984d · ale · e98ebee5 · 4bea984d · 4bea984d · 4bea984d
Commit 4bea984d authored 4 years ago by ale
--- a/conf-dist/filter.d/02ipset
+++ b/conf-dist/filter.d/02ipset
@@ -4,8 +4,6 @@
 # Reads the blacklists from:
 # /etc/firewall/blocked/{ip,net}/{ipv4,ipv6}/*

-update-ipset
-
 add_rule4 -A pre-input -m set --match-set block_ip src -j DROP
 add_rule6 -A pre-input -m set --match-set block_ip6 src -j DROP
 add_rule4 -A pre-input -m set --match-set block_net src -j DROP

--- a/debian/firewall.service
+++ b/debian/firewall.service
@@ -4,6 +4,7 @@ Description=Set up firewall
 [Service]
 Type=oneshot
 EnvironmentFile=-/etc/default/firewall
+ExecStart=/usr/sbin/update-ipset
 ExecStart=/usr/sbin/update-firewall

 [Install]

--- a/update-ipset
+++ b/update-ipset