+ return wantarray ? ($cmdlist, $changes) : $cmdlist;
+}
+
+sub get_ipset_cmdlist {
+ my ($ruleset, $delete, $verbose) = @_;
+
+ my $cmdlist = "";
+
+ my $active_chains = ipset_get_chains();
+ my $statushash = get_ruleset_status($ruleset, $active_chains, \&ipset_chain_digest, $verbose);
+
+ if(!$delete){
+
+ foreach my $chain (sort keys %$ruleset) {
+ my $stat = $statushash->{$chain};
+ die "internal error" if !$stat;
+
+ if ($stat->{action} eq 'create') {
+ foreach my $cmd (@{$ruleset->{$chain}}) {
+ $cmdlist .= "$cmd\n";
+ }
+ }
+
+ if ($stat->{action} eq 'update') {
+ my $chain_swap = $chain."_swap";
+
+ foreach my $cmd (@{$ruleset->{$chain}}) {
+ $cmd =~ s/$chain/$chain_swap/;
+ $cmdlist .= "$cmd\n";
+ }
+ $cmdlist .= "swap $chain_swap $chain\n";
+ $cmdlist .= "flush $chain_swap\n";
+ $cmdlist .= "destroy $chain_swap\n";
+ }
+
+ }
+
+ }else{
+
+ foreach my $chain (keys %$statushash) {
+ next if $statushash->{$chain}->{action} ne 'delete';
+
+ $cmdlist .= "flush $chain\n";
+ $cmdlist .= "destroy $chain\n";
+ }
+ }
+
+ my $changes = $cmdlist ? 1 : 0;
+
+ return wantarray ? ($cmdlist, $changes) : $cmdlist;