From 3fbcf26e8caa40e099b0e2f11e261d990874c0ed Mon Sep 17 00:00:00 2001
From: Tomer Shalev <tshalev@proofpoint.com>
Date: Mon, 2 Oct 2023 17:40:14 +0300
Subject: [PATCH] Conditionally create set

Fix the case when fail2ban restarts, and the set already exist from
previous runs
---
 config/action.d/iptables-ipset-proto4.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/action.d/iptables-ipset-proto4.conf b/config/action.d/iptables-ipset-proto4.conf
index d33008be..e2b25278 100644
--- a/config/action.d/iptables-ipset-proto4.conf
+++ b/config/action.d/iptables-ipset-proto4.conf
@@ -27,7 +27,7 @@ before = iptables.conf
 # Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
-actionstart = ipset --create f2b-<name> maxelem <maxelem> iphash
+actionstart = ipset --create f2b-<name> maxelem <maxelem> iphash --exist
               <_ipt_add_rules>