- # Clean up
- iptables = "/sbin/iptables -t MANGLE %s POSTROUTING"
- run(iptables % "-F")
- run("/sbin/ipset -X " + group_name)
-
- # Create a hashed IP set of all of these destinations
- lines = ["-N %s iphash" % group_name]
- add_cmd = "-A %s " % group_name
- lines += [(add_cmd + ip) for ip in node_ips]
- lines += ["COMMIT"]
- restore = "\n".join(lines) + "\n"
- run("/sbin/ipset -R", restore)
-
- # Add rule to match on destination IP set
- run((iptables + " -m set --set %s dst -j CLASSIFY --set-class 1:%x") %
- ("-A", group_name, exempt_minor))
+ # Check of set exists
+ set = run("/sbin/ipset -S " + group_name)
+ if set == None:
+ # Create a hashed IP set of all of these destinations
+ lines = ["-N %s iphash" % group_name]
+ add_cmd = "-A %s " % group_name
+ lines += [(add_cmd + ip) for ip in node_ips]
+ lines += ["COMMIT"]
+ restore = "\n".join(lines) + "\n"
+ run("/sbin/ipset -R", restore)
+ else: # set exists
+ # Check all hosts and add missing.
+ for nodeip in node_ips:
+ if not run("/sbin/ipset -T %s %s" % (group_name, nodeip)):
+ run("/sbin/ipset -A %s %s" % (group_name, nodeip))
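Review bot: The `else` branch only adds missing addresses, so an IP that has dropped out of `node_ips` stays in the set and keeps matching any rule that references `group_name`; the removed code avoided this by destroying and rebuilding the set on every run. Unless stale members are pruned elsewhere, the `-S` output already held in `set` could be compared with `node_ips` and each leftover removed with `run("/sbin/ipset -D %s %s" % (group_name, stale_ip))`. The existence test also relies on `run()` returning `None` on failure, which is not visible here; `existing = run(...)` followed by `if existing is None:` would stop shadowing the builtin `set` and use the identity comparison. The enclosing function starts and ends outside this hunk.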