ipblocklist: Add "v4" as extension to the ipset set names.

This easily allows us to swap the sets after updating, without
unloading them.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>

config/cfgroot/ipblocklist-functions.pl

@@ -249,6 +249,9 @@ sub download_and_create_blocklist($) {
 	# Simply set the limit of list elements to the double of current list elements.
 	my $maxelem = $list_entries *2;
 
+	# Add "v4" suffix to the list name.
+	$list = "$list" . "v4";
+
 	# Write line to create the set.
 	#
 	# We safely can use hash:net as type because it supports single addresses and networks.

config/firewall/rules.pl

@@ -1060,11 +1060,23 @@ sub ipset_restore ($) {
 
 	# Check if the given set name is a blocklist.
 	} elsif ($set ~~ @blocklists) {
+		# IPblocklist sets contains v4 as setname extension.
+		my $set_name = "$set" . "v4";
+
 		# Get the database file for the given blocklist.
 		my $db_file = &IPblocklist::get_ipset_db_file($set);
 
 		# Call function to restore/load the set.
 		&ipset_call_restore($db_file);
+
+		# Check if the set is already loaded (has been used before).
+		if ($set ~~ @ipset_used_sets) {
+			# Swap the sets.
+			run("$IPSET swap $set_name $set");
+		} else {
+			# Rename the set to proper use it.
+			run("$IPSET rename $set_name $set");
+		}
 	}
 
 	# Store the restored set to the hash to prevent from loading it again.

src/scripts/update-ipblocklists

@@ -139,6 +139,15 @@ if (@updated_blocklists) {
 
 		# Call safe system function to reload/update the blocklist.
 		&General::system("ipset", "restore", "-f", "$ipset_db_file");
+
+		# The set name contains a "v4" as suffix.
+		my $set_name = "$updated_blocklist" . "v4";
+
+		# Swap the sets to use the new one.
+		&General::system("ipset", "swap", "$set_name", "$updated_blocklist");
+
+		# Destroy the old blocklist.
+		&General::system("ipset", "destroy", "$set_name");
 	}
 }