I have an ipset where various ip ranges are added.
These IP ranges are loaded automatically from a list of IPs and IP ranges for blocking purposes.
I'm trying to remove just one ip or a smaller subset from a subset already added.
If I do
ipset test listname IP
it says that ip is in set listname
however if I try to remove it with
ipset del listname IP
it says that the entry is not added in the set
My guess is that I would need to track the ip range previously added because it was clearly a range and not a single ip, remove the range, split it in two ranges around that single ip, remove the original range and add the two ranges back?
How can I know what ranges were added? Does a verbose option of test exist so that I can understand which was the original specified range that the IP was in?
Shouldn't ipset del do this long job for me already? If I want to remove an IP from a range, those calculations should be done automatically!
firewall-cmd --permanent --ipset=listname --remove-entry=IP
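The split-and-re-add procedure guessed at in the question, as an added example that is not part of the original post: it finds which entry of a hash:net set contains an address and builds the ipset commands that replace that entry with the remaining CIDR blocks. The `ipset save` text is a constructed sample, and `parse_entries` and `carve_out` are hypothetical helper names.

```python
import ipaddress

# Constructed sample of `ipset save listname` output (not from the original post).
SAMPLE_SAVE = """\
create listname hash:net family inet hashsize 1024 maxelem 65536
add listname 198.51.100.0/24
add listname 203.0.113.0/28 timeout 300
add listname 192.0.2.0/25
"""


def parse_entries(save_text, set_name):
    """Yield (raw_entry, network, options) for each 'add <set_name> ...' line."""
    for line in save_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != "add" or parts[1] != set_name:
            continue
        net = ipaddress.ip_network(parts[2], strict=False)
        yield parts[2], net, " ".join(parts[3:])


def carve_out(save_text, set_name, target):
    """Return ipset commands that drop `target` from the set but keep the
    rest of whichever stored entry covers it. Empty list if nothing covers it."""
    target_net = ipaddress.ip_network(target, strict=False)
    cmds = []
    for raw, net, opts in parse_entries(save_text, set_name):
        # Skip entries of the other address family or that do not cover target.
        if net.version != target_net.version or not target_net.subnet_of(net):
            continue
        # `ipset del` needs the element exactly as it is stored.
        cmds.append(f"ipset del {set_name} {raw}")
        if target_net == net:
            continue  # the stored entry is the target itself; nothing to re-add
        # address_exclude() yields the CIDR blocks of `net` minus `target_net`.
        for keep in sorted(net.address_exclude(target_net)):
            cmds.append(f"ipset add {set_name} {keep} {opts}".rstrip())
    return cmds


if __name__ == "__main__":
    for cmd in carve_out(SAMPLE_SAVE, "listname", "198.51.100.77"):
        print(cmd)
```

Feed it the real output of `ipset save listname` in place of the sample; entries saved with a timeout are re-added with the value shown in the save output.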